Thursday March 23, 2017

Ubuntu Security Notices: Out of date software leaves you vulnerable

(posted on Thursday March 23, 2017 at 18:55 AWST)

Two weeks ago, Der Spiegel wrote an article highlighting that out of date software on private clouds was leaving government and political party information vulnerable to being hacked. Given that the targeting of political organisations is currently such a hot topic, it is somewhat of a surprise how widespread this issue appears to be. After discovering the size and scope of the problem through their own investigations, Nextcloud decided to take a proactive approach, raising organisations’ awareness and helping them address potential vulnerabilities.

The large number of insecure servers came to light as a result of a tool that Nextcloud was developing. Given their findings, Nextcloud took the step, somewhat unusual in the industry, of proactively working with Computer Emergency Response Teams in various countries to notify affected people of the risks, in an effort to help keep their data as secure as possible.

The Der Spiegel article and Nextcloud’s response, which chose transparency over secrecy and followed security best practices, are a must-read for everyone in the industry and a timely reminder to us all of the importance of updating our software on a regular basis.

As mentioned in Nextcloud’s blog response, they have now released the Nextcloud Private Cloud Security Scanner as a quick and simple tool that lets users regularly check their servers and confirm that their software is up to date. However, the ideal scenario is for software updates to happen automatically, reducing the risk of a security threat, especially for smaller organisations and consumers, which often lack the technical know-how to keep their systems up to date. This is a feature that’s built into snaps, the universal Linux application packaging format, which is why Nextcloud uses snaps to distribute their software as part of their Nextcloud Box offering. Users of the box will get automated updates of their Nextcloud software whenever a new release is made available in the store. As a matter of fact, the Nextcloud Box is built on Ubuntu Core, the version of Ubuntu entirely built out of snaps. This means that all of the software on the box is seamlessly updated without administrator involvement, and it literally takes no effort to keep your storage secure.


Slashdot: SpaceX Disappointed In Lack of NASA Mars Funding; Starts Looking For Landing Sites For Its Own Mars Missions

(posted on Thursday March 23, 2017 at 18:00 AWST)

frank249 writes: Elon Musk says that the new NASA authorization legislation "changes almost nothing about what NASA is doing. Existing programs stay in place and there is no added funding for Mars." From a report via Ars Technica: "Musk is absolutely correct on two counts. First, an 'authorization' bill does not provide funding. That comes from appropriations committees. Secondly, while Congress has been interested in building rockets and spacecraft, it is far less interested in investing in the kinds of technology and research that would actually enable a full-fledged Mars exploration program." In other news, SpaceNews reports that "SpaceX has been working with NASA to identify potential landing sites on Mars for both its Red Dragon spacecraft (starting in 2020) and future human missions." From the report: "Paul Wooster of SpaceX said the company, working with scientists at NASA's Jet Propulsion Laboratory and elsewhere, had identified several potential landing sites, including one that looks particularly promising -- Arcadia Planitia. Those landing sites are of particular interest, he said, for SpaceX's long-term vision of establishing a human settlement on Mars, but he said the company wouldn't rule out sending Red Dragon spacecraft elsewhere on the planet to serve other customers. 'We're quite open to making use of this platform to take various payloads to other locations as well,' he said. 'We're really looking to turn this into a steady cadence, where we're sending Dragons to Mars on basically every opportunity.' The Red Dragon spacecraft, he said, could carry about one ton of useful payload to Mars, with options for those payloads to remain in the capsule after landing or be deployed on the surface. 'SpaceX is a transportation company,' he said. 
'We transport cargo to the space station, we deliver payloads to orbit, so we're very happy to deliver payloads to Mars.'" Fans of the book/movie "The Martian" would be happy if SpaceX does select Arcadia Planitia for their first landing site as that was the landing site of the Ares 3.

Read more of this story at Slashdot.

DFES Emergency Alerts: Take action with damaging winds and heavy rainfall coming in parts of the Pilbara and Midwest Gascoyne

DFES Emergency Alerts (posted on Thursday March 23, 2017 at 16:53 AWST)

Category: Storm
Alert Summary: If you live in parts of the Pilbara and Gascoyne districts you should take action and stay safe with damaging winds and heavy rainfall to come. Locations which may be affected include Newman, Paraburdoo, Port Hedland, Tom Price, Three Rivers and Whim Creek.
Content:

If you live in parts of the Pilbara and Gascoyne districts you should take action and stay safe with damaging winds and heavy rainfall to come. Locations which may be affected include Newman, Paraburdoo, Port Hedland, Tom Price, Three Rivers and Whim Creek. This weather is not unusual for this time of year, but could damage homes and make travel dangerous.

WHAT TO DO: 

DFES advises you to: 

If outside find safe shelter away from trees, powerlines, storm water drains and streams.

Close your curtains and blinds, and stay inside away from windows.

Unplug electrical appliances and avoid using landline telephones if there is lightning.

If there is flooding, create your own sandbags by using pillow cases filled with sand and place them around doorways to protect your home.

If boating, swimming or surfing leave the water.

IF DRIVING:

Do not drive into water of unknown depth and current.

Slow down, turn your lights on and keep a safe distance from other drivers.

Be alert and watch for hazards on the road such as fallen powerlines and loose debris.

If it is raining heavily and you cannot see, pull over and park with your hazard lights on until the rain clears.

Take care in areas that have been flooded and be careful driving on gravel roads as surfaces will be slippery and muddy, and vehicles could become bogged.

People are being urged to do what they can to help themselves, if it is safe to do so, before calling the SES for assistance.


WEATHER DETAILS: 

At 23/03/2017 16:33pm the Bureau of Meteorology advised at 4:30pm radar imagery showed the tropical low just to the south of Port Hedland. The low will generally track southwards and weaken during the evening. Heavy rainfall that may lead to flash flooding is possible. Heavy rainfall is currently occurring in northern parts of the warning area and will extend through the remainder of the Pilbara area this evening and into north-eastern parts of the Gascoyne tomorrow. There is a risk of damaging winds to 100 kilometres per hour near the centre of the low for the remainder of the afternoon, before easing during the evening as the low weakens. Predicted tides will be higher than normal to the east of the tropical low for the remainder of Thursday. Flood Watches and Warnings are current for parts of the Pilbara. Port Hedland Airport recorded a wind gust of 94 kilometres per hour at 12:57pm and has recorded 45 millimetres of rainfall since 9am this morning. 


ROAD CLOSURES AND CONDITIONS: 

Roads are closed including:

Ripon Hills Road to all vehicles in both directions from Marble Bar to Telfer Turnoff. 

Marble Bar Road from Port Hedland to Marble Bar closed to all vehicles. 

Please note:

Marble Bar Road from Marble Bar to Nullagine open to high clearance four wheel drives only.

Marble Bar Road from Nullagine to Roy Hill Village Access open to high clearance four wheel drives only.

Nanutarra Munjina Road from Bingarn Road to Hamersley Turn-off open to high clearance four wheel drives only.

Nanutarra Munjina Road from Hamersley Turn-off to Auski open to high clearance four wheel drives and trucks.

Water over the road: 

North West Coastal Highway open to all vehicles with extreme caution in both directions between Port Hedland and Karratha.

Great Northern Highway open to all vehicles with extreme caution in both directions between Auski and Sandfire.

Great Northern Highway approximately 2 to 3 kilometres south of Turner River bridge - single lane closure due to pavement damage - high clearance four wheel drives and trucks only.

Heavy rainfall is predicted in the Pilbara region causing flash flooding and unpredictable levels in floodways and river crossings. Motorists are advised to exercise extreme caution on all roads and check conditions before travel. 

Take extra care on the roads and do not drive into water of unknown depth and current.

Road information may also be available by calling Main Roads WA on 138 138 or visiting www.mainroads.wa.gov.au or by contacting your local Shire.


WHAT EMERGENCY SERVICES ARE DOING: 

DFES is monitoring the situation.


IF YOU NEED ASSISTANCE: 

If your home has been badly damaged by a storm, call the SES on 132 500

In a life threatening situation call 000

After a storm SES volunteers make temporary repairs to homes that have been badly damaged, such as roofs that have been ripped off or large fallen trees on homes or cars. Please contact your insurance company to organise permanent repairs. 


KEEP UP TO DATE: 

Visit www.emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins.  

Updates will be provided when the situation changes. 

Publication Time: 23/03/2017 4:51 PM
Region: Pilbara, Midwest Gascoyne

OpenBSD Journal: golang now has native support for OpenBSD's pledge(2)

OpenBSD Journal (posted on Thursday March 23, 2017 at 16:37 AWST)

Google's golang, collaboratively developed by Unix and C pioneers like Ken Thompson, Rob Pike et al., has been very BSD friendly (the language itself is BSD licensed), and it just got even friendlier for OpenBSD's pledge mechanism.

To quote the diff:

"unix: add support for OpenBSD pledge

Pledge, the privilege-restricting syscall and mitigation mechanism, was missing from syscall_openbsd.go. As of the latest release, it is officially supported in 'stable'."

Link to the full golang diff here: https://go.googlesource.com/sys/+/8fd966b47dbdd4faa03de0d06e3d733baeb9a1a9%5E%21/

Slashdot: Mars Rover Spots Clouds Shaped By Gravity Waves

(posted on Thursday March 23, 2017 at 15:00 AWST)

sciencehabit writes from a report via Science Magazine: NASA's Curiosity rover has shot more than 500 movies of the clouds above Mars, including the first ground-based view of martian clouds shaped by gravity waves, researchers reported this week at the Lunar and Planetary Science Conference. The shots are the best record made so far of a mysterious recurring belt of equatorial clouds known to influence the martian climate. Understanding these clouds will help inform estimates of ground ice depth and perhaps recurring slope lineae, potential flows of salty water on the surface, says John Moores, a planetary scientist at York University in Toronto, Canada, who led the study with his graduate student, Jake Kloos. "If we wish to understand the water story of Mars's past," Moores says, "we first need to [separate out] contributions from the present-day water cycle." Using Curiosity's navigation camera, Moores and Kloos recorded eight-frame movies of this wispy cloud belt for two martian years. They've used two angles to capture the clouds: one pointed directly up, to see wind direction and speed, and another that keeps the rover's horizon in the frame, allowing a view into the clouds' depth. Given the limited water vapor, solar energy, and atmosphere, the martian clouds lack the variety of shapes seen on Earth. But during one day of cloud gazing -- Curiosity's 1302th martian day, to be precise -- the team got lucky and saw something unusual. That day, when Curiosity looked to the horizon, it saw a sequence of straight, parallel rows of clouds flowing in the same direction: the first ground-based view of a gravity wave cloud. Similar to the waves that follow a pebble tossed into a pond, gravity waves are created when some unknown feature of the martian landscape causes a ripple in the atmosphere that is then seen in clouds. Such waves are common at the edge of the martian ice caps, but thought to be less frequent over its equator.


SC Magazine: Finance hands whole-of-gov IT panels over to DTA

(posted on Thursday March 23, 2017 at 14:15 AWST)

Last vestiges of tech remit transferred.

GNOME Look: VimixDark-Gtk-Theme [GTK3 Themes]

(posted on Thursday March 23, 2017 at 13:02 AWST)

VimixDark-Gtk-Theme (GTK3 Themes)

This is a flat clean dark theme.

GitHub: https://github.com/vinceliuice/vimix-gtk-themes

Based on Flat-Plat gtk theme: https://github.com/nana-4/Flat-Plat

INFO

GTK2 ENGINES REQUIREMENT
- GTK2 engine Murrine 0.98.1.1 or later.
- GTK2 pixbuf engine or the gtk(2)-engines package.

Fedora/RedHat distros: yum install gtk-murrine-engine gtk2-engines
Ubuntu/Mint/Debian distros: sudo apt-get install gtk2-engines-murrine gtk2-engines-pixbuf
ArchLinux: pacman -S gtk-engine-murrine gtk-engines
Other: Search for the engines in your distribution's repository or install the engines from source.

Icon theme: Paper-vimix: https://github.com/vinceliuice/vimix-gtk-themes/archive/Vimix-Icons&Wallpapers.zip

Homepage: http://fav.me/da0vc4t
QQ: 1151548973
WeChat: vinceliuice
Baidu ID (Baidu Tieba): 浣衣尘


SC Magazine: NSW govt steals AUSTRAC CIO as first cyber chief

(posted on Thursday March 23, 2017 at 12:27 AWST)

Inaugural state CISO.

DFES Emergency Alerts: Take action now for Minor flooding in parts of the Pilbara district

DFES Emergency Alerts (posted on Thursday March 23, 2017 at 12:12 AWST)

Category: Flood
Alert Summary: People in the De Grey River and Pilbara Coastal River catchments need to take action now as Minor flooding is expected today and over the next few days. People in Marble Bar, Nullagine, Port Hedland, Karratha and surrounding areas may be affected.
Content:

People in the De Grey River and Pilbara Coastal River catchments need to take action now as Minor flooding is expected today and over the next few days. People in Marble Bar, Nullagine, Port Hedland, Karratha and surrounding areas may be affected.

Water will be fast flowing and levels will rise quickly. 

WHAT TO DO:  

DFES advises you to: 

Watch for changes in water levels so you are ready if you need to evacuate.

Pack a relocation kit together with your emergency kit.

Relocate equipment and livestock so they do not get caught in floodwaters.

Prepare pet food or stockfeed in case you cannot return home for a few days.

Never walk, swim or play in floodwaters as they are dangerous.

Do not go near storm drains and pipes, ditches and ravines, as they are dangerous.

Stay out of rivers, this includes no swimming or kayaking.

If you are a traveller do not park or camp adjacent to rivers.

IF DRIVING:

Floodways and river levels may rise rapidly so be careful at crossings.

Obey road closure signs and do not drive into water of unknown depth and current.

Take care on gravel and unsealed roads as they may be slippery and muddy, and you could get bogged.

If your car stalls in rising water, abandon it immediately and seek shelter above floodwater.

ROAD CLOSURES: 

Roads have been closed including:

Ripon Hills Road (both directions) between Marble Bar and Telfer turn-off.

Marble Bar Road (both directions) between Marble Bar and Roy Hill Village Access is open to high clearance four wheel drives only.

Water over the road:

Marble Bar Road (both directions) between Port Hedland and Marble Bar.

Great Northern Highway (both directions) between Auski and Sandfire.

 

Road information may also be available by calling Main Roads WA on 138 138 or visiting www.mainroads.wa.gov.au or by contacting your local Shire. 

FLOOD DETAILS:  

As at 23/03/2017 10:23am the Bureau of Meteorology advises recent thunderstorm activity over the De Grey River and Pilbara Coastal River catchments has caused stream rises in Nullagine River, and is likely to cause river rises and areas of flooding in both catchments during Thursday into Friday. 

A tropical low is located to the north of the Pilbara coast and is moving southwards into the Pilbara. Heavy rainfall associated with the passage of the low is forecast during Thursday into Friday.

Heavy rainfall is expected to result in significant river rises, areas of flooding and adversely affect road conditions. Some roads may become impassable and some communities may become isolated.

De Grey River catchment

Nullagine River:

Nullagine River at Nullagine is currently above the minor flood level (0.8 metres) and steady.

Nullagine River at Tumbinna Pool is currently above the minor flood level (1.5 metres) and steady.

De Grey River:

Minor flooding is not expected along the De Grey River at Coolenar Pool.

The De Grey River at Coolenar Pool is currently at 0.91 metres and steady. The De Grey River at Coolenar Pool will remain below the minor flood level (5.5 metres) during Thursday into Friday.

Pilbara Coastal Rivers catchment

Maitland River at Miaree Pool is currently below the minor flood level (2 metres) and steady.

Sherlock River at Sherlock Road Bridge is currently below the minor flood level (4 metres) and steady.

Yule River at Jelliabidina is currently below the minor flood level (2.5 metres) and steady.

Current river levels are available from Department of Water at www.water.wa.gov.au 

For the latest flood information visit www.bom.gov.au/wa/flood or call 1300 659 213. 

WHAT EMERGENCY SERVICES ARE DOING: 

DFES is monitoring the situation.


IMPORTANT NUMBERS: 

For SES assistance call 132 500  

In a life threatening situation call 000  

For the latest flood information call 1300 659 213 or visit www.bom.gov.au/wa/flood        


KEEP UP TO DATE: 

Visit www.emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins. 

Updates will be provided when the situation changes.   

Publication Time: 23/03/2017 12:10 PM
Region: Pilbara

DFES Emergency Alerts: Prepare for flooding in parts of the Pilbara and Midwest Gascoyne

DFES Emergency Alerts (posted on Thursday March 23, 2017 at 11:51 AWST)

Category: Flood
Alert Summary: People in the Fortescue River and Ashburton River catchments should prepare for possible Minor flooding expected over the coming days. People in Tom Price, Pannawonica, Newman, Paraburdoo and surrounding areas may be affected.
Content:

People in the Fortescue River and Ashburton River catchments should prepare for possible Minor flooding expected over the coming days. People in Tom Price, Pannawonica, Newman, Paraburdoo and surrounding areas may be affected.

There is no immediate danger but you need to keep up to date in case the situation changes. 

WHAT TO DO:  

DFES advises you to: 

Prepare to relocate equipment and livestock early so they are not caught in floodwaters.

Prepare an emergency kit including enough canned food and water to last for four days, as well as clothing, important documents and medication.

Fill your vehicle's fuel tank.

Watch for changes in water levels so you are ready if you need to evacuate.

Never walk, swim or play in floodwaters, as they are dangerous.

Stay out of rivers, this includes no swimming or kayaking.

Do not park or camp adjacent to rivers.

IF DRIVING:

Be careful at crossings and floodways as river levels may rise rapidly.

Obey road closure signs and do not drive into water of unknown depth and current.

Take care on gravel and unsealed roads as they may be slippery and muddy, and you could get bogged.

Carry extra food and water when travelling in case of long delays at crossings.

ROAD CLOSURES: 

Roads have not been closed, however a number of roads have water over the road, including:

Great Northern Highway (both directions) from Auski to Sandfire.

Nanutarra Munjina Road (both directions) from Hamersley turn-off to Auski.

 

Road information may also be available by calling Main Roads WA on 138 138, visiting www.mainroads.wa.gov.au or by contacting your local Shire.

FLOOD DETAILS:  

As at 23/03/2017 10:36AM the Bureau of Meteorology advises flooding may develop in the Pilbara District during the next few days due to heavy rainfall associated with a Tropical Low. 

A Tropical Low is located to the north of the Pilbara coast and is moving southwards into the Pilbara. Heavy rainfall associated with the passage of the low is forecast during Thursday into Friday.

For the 24 hours to 9 am Friday widespread rainfall totals of 50 millimetres to 100 millimetres with isolated totals up to 150 millimetres are forecast in the central parts of the Pilbara District.

Flood warnings are current for the De Grey River and Pilbara Coastal Rivers.

Current river levels are available from Department of Water at www.water.wa.gov.au 

For the latest flood information visit www.bom.gov.au/wa/flood or call 1300 659 213. 

WHAT EMERGENCY SERVICES ARE DOING: 

DFES is monitoring the situation.


IMPORTANT NUMBERS: 

For SES assistance call 132 500  

In a life threatening situation call 000  

For the latest flood information call 1300 659 213 or visit www.bom.gov.au/wa/flood        


KEEP UP TO DATE: 

Visit www.emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins. 

Updates will be provided when the situation changes.   

Publication Time: 23/03/2017 11:48 AM
Region: Pilbara, Midwest Gascoyne

GNOME Look: City [Metacity Themes]

(posted on Thursday March 23, 2017 at 11:38 AWST)

City (Metacity Themes)

Colorful theme for your dark or light experience

The theme named "City" has freely customizable color (from Gnome theme manager). I made also colored themes (found in the City pack) with predefined colors, so you can use different color for window border and for GTK+ theme. All colors used in color pack are mentioned in a "README (colors)" file which is in the City pack. It's very easy to make your own predefined color or to change a title alignment or even to change a button icon size. To do so read a "README (easily customize your theme)" file which is included in the City theme archive.

Take a look on my themes' Gallery: https://sites.google.com/site/novomente


Slashdot: A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million

(posted on Thursday March 23, 2017 at 11:30 AWST)

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies.
Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.


SC Magazine: What happens when automation goes wrong?

(posted on Thursday March 23, 2017 at 10:26 AWST)

[Opinion] Are humans losing their skills?

SC Magazine: Chevron turns to Australia for IBM Watson clues

(posted on Thursday March 23, 2017 at 10:23 AWST)

US giant to follow Woodside Energy into cognitive territory.

Slashdot: Japanese Company Develops a Solar Cell With Record-Breaking 26%+ Efficiency

(posted on Thursday March 23, 2017 at 09:25 AWST)

An anonymous reader quotes a report from Ars Technica: The silicon-based cells that make up a solar panel have a theoretical efficiency limit of 29 percent, but so far that number has proven elusive. Practical efficiency rates in the low-20-percent range have been considered very good for commercial solar panels. But researchers with Japanese chemical manufacturer Kaneka Corporation have built a solar cell with a photo conversion rate of 26.3 percent, breaking the previous record of 25.6 percent. Although it's just a 2.7 percent increase in efficiency, improvements in commercially viable solar cell technology are increasingly hard-won. Not only that, but the researchers noted in their paper that after they submitted their article to Nature Energy, they were able to further optimize their solar cell to achieve 26.6 percent efficiency. That result has been recognized by the National Renewable Energy Lab (NREL). In the Nature Energy paper, the researchers described building a 180.4 cm2 cell using high-quality thin-film heterojunction (HJ) -- that is, layering silicon within the cell to minimize band gaps where electron states can't exist. Controlling heterojunctions is a known technique among solar cell builders -- Panasonic uses it and will likely incorporate it into cells built for Tesla at the Solar City plant in Buffalo, and Kaneka has its own proprietary heterojunction techniques. For this record-breaking solar cell, the Kaneka researchers also placed low-resistance electrodes toward the rear of the cell, which maximized the number of photons that collected inside the cell from the front. And, as is common on many solar cells, they coated the front of the cell with a layer of amorphous silicon and an anti-reflective layer to protect the cell's components and collect photons more efficiently.


SC Magazine: ZTE pleads guilty in US court in sanctions case

(posted on Thursday March 23, 2017 at 09:01 AWST)

Sent US components illegally to Iran.

Slashdot: LastPass Bugs Allow Malicious Websites To Steal Passwords

(posted on Thursday March 23, 2017 at 08:45 AWST)

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.


SC Magazine: Contractor army wanted for Qld Health's middleware overhaul

(posted on Thursday March 23, 2017 at 08:24 AWST)

Getting into meaty part of big transformation.

Slashdot: W3C Erects DRM As Web Standard

(posted on Thursday March 23, 2017 at 08:05 AWST)

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. 
The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.


Slashdot: 'Dig Once' Bill Could Bring Fiber Internet To Much of the US

(posted on Thursday March 23, 2017 at 07:20 AWST)

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."

Slashdot: Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data

(posted on Thursday March 23, 2017 at 06:40 AWST)

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

Slashdot: GNOME 3.24 Released

(posted on Thursday March 23, 2017 at 06:00 AWST)

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."

Slashdot: 17,000 AT&T Workers Go On Strike In California and Nevada

(posted on Thursday March 23, 2017 at 05:20 AWST)

An anonymous reader quotes a report from Fortune: Approximately 17,000 workers in AT&T's traditional wired telephone business in California and Nevada walked out on strike on Wednesday, marking the most serious labor action against the carrier in years. The walkout -- formally known as a grievance strike -- occurred after AT&T changed the work assignments of some of the technicians and call center employees in the group, the Communications Workers of America union said. The union would not say how long the strike might last. A contract covering the group expired last year and there has been little progress in negotiations over sticking points like the outsourcing of call center jobs overseas, stagnant pay, and rising health care costs. The union said it planned to file an unfair labor charge with the National Labor Relations Board over the work assignment changes. "A walkout is not in anybody's best interest and it's unfortunate that the union chose to do that," an AT&T spokesman told Fortune. "We're engaged in discussion with the union to get these employees back to work as soon as possible."

SC Magazine: IBM says it won't pressure its customers into the cloud

(posted on Thursday March 23, 2017 at 04:48 AWST)

But the tech giant is strongly pursuing cloudy agenda.

SC Magazine: Lastpass patches creds-stealing bugs in browser plugins

(posted on Thursday March 23, 2017 at 04:47 AWST)

Google security researcher finds three in a row.

Slashdot: Nintendo Is Repairing Left Joy-Cons With ... a Piece of Foam?

(posted on Thursday March 23, 2017 at 04:40 AWST)

While Nintendo remains silent on the issue of some left Joy-Con controllers becoming desynced from the Switch console, it appears it has a solution for those affected. No, it's not avoidance of aquariums or all other wireless devices; instead, it's apparently as simple as a foam sticker placed in the right spot. From a report: Early reviews and, later, actual retail units of the Nintendo Switch highlighted an apparent hardware flaw in the design of the left Joy-Con controller. In certain scenarios -- like when played some distance from the console using the Joy-Con Grip -- some left Joy-Cons could lose sync and players would find themselves unable to accurately control what's happening on the screen. While a day one console update fixed this issue for some, it's remained for others and Nintendo has done little to assuage would-be consumers that it's solved the issue for good. But, a Joy-Con sent in for repair by CNET's Sean Hollister was returned with one small enhancement a week later and -- lo and behold -- it works. That enhancement: A small piece of conductive foam.

SC Magazine: Govt undermined by 'tick box' security culture: MacGibbon

(posted on Thursday March 23, 2017 at 04:40 AWST)

Vigilance is a full-time job.

Slashdot: Plans For London-Paris Electric Flight in 'Next Decade' Unveiled

(posted on Thursday March 23, 2017 at 04:00 AWST)

A start-up has unveiled ambitious plans to offer an electric-powered commercial flight between London and Paris in the next ten years. From a report: Wright Electric believes the proposed low-emission electric plane would offer a cheaper alternative to jet fuel for airlines and consumers. However, the start-up's bid to revolutionize short-haul flights relies on the continued advancement of battery technology. The company, who pitched to investors this week, would be forced to switch to a hybrid of aviation fuel and electricity if the advances in battery technology fail to materialise.

Slashdot: Ebay Asks Users To Downgrade Security

(posted on Thursday March 23, 2017 at 03:20 AWST)

Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," says security reporter Brian Krebs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication.

Slashdot: 'Extreme and Unusual' Climate Trends Continue After Record 2016

(posted on Thursday March 23, 2017 at 02:40 AWST)

From a report on BBC: In the atmosphere, the seas and around the poles, climate change is reaching disturbing new levels across the Earth. That's according to a detailed global analysis from the World Meteorological Organization (WMO). It says that 2016 was not only the warmest year on record, but it saw atmospheric CO2 rise to a new high, while Arctic sea ice recorded a new winter low. The "extreme and unusual" conditions have continued in 2017, it says. Reports earlier this year from major scientific bodies - including the UK's Met Office, Nasa and NOAA -- indicated that 2016 was the warmest year on record. The WMO's State of the Global Climate 2016 report builds on this research with information from 80 national weather services to provide a deeper and more complete picture of the year's climate data.

Slashdot: Cord-Cutting Isn't Nearly as Significant as Cable Providers Make It Out To Be

(posted on Thursday March 23, 2017 at 02:00 AWST)

From a report on CNBC: Despite legacy media's anxieties about cord-cutting, data suggest that the phenomenon isn't nearly as significant as cable providers make it out to be. In its 11th annual "Digital Democracy Survey," Deloitte found that the percentage of American households that subscribe to paid television services has remained relatively stable since 2012, even as adoption of streaming services has accelerated. In its survey of 2,131 consumers, Deloitte said two-thirds of respondents reported they have kept their TV subscriptions because they're bundled with their internet plan. Kevin Westcott, vice chairman and U.S. media and entertainment leader at Deloitte, told CNBC that bundling seems to be a huge deterrent for cord cutting.

GNOME Look: Belle Pintos Grande (GTK3.22, GTK2, IceWM) [GTK3 Themes]

(posted on Thursday March 23, 2017 at 01:25 AWST)

Belle Pintos Grande (GTK3.22, GTK2, IceWM)
(GTK3 Themes)
This is a GTK3.22 theme. This is only tested with GTK3.22 (specifically 3.22.8) and earlier versions of GTK3 are absolutely not supported and will probably not work at all. Also included in this package:

  • support for GTK2
  • IceWM theme (as shown in the screenshots)
  • Wine colour scheme (not shown in the screenshots)

Drupal Contrib Security: Linkit - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-033

(posted on Thursday March 23, 2017 at 00:40 AWST)

Description

Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field.

When searching for entities, this module doesn't always enforce the access restrictions and users may see information about entities they should not be able to access.

This is mitigated by the fact that a user must have access to a text format that uses Linkit.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Linkit 8.x-4.x versions prior to 8.x-4.3.

Drupal core is not affected. If you do not use the contributed Linkit - Enriched linking experience module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the Linkit module for Drupal 8.x, upgrade to Linkit 8.x-4.3

Also see the Linkit - Enriched linking experience project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal Contrib Security: Office Hours - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-032

(posted on Thursday March 23, 2017 at 00:37 AWST)

Description

This module enables you to show the office hours of a location to the public.

The module doesn't sufficiently filter user input for malicious Cross Site Scripting (XSS).

This vulnerability is mitigated by the fact that an attacker must have a role with a permission to add fields to an entity.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Office Hours 7.x-1.x versions prior to 7.x-1.6.

Drupal core is not affected. If you do not use the contributed Office Hours module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Office Hours project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Wednesday March 22, 2017

GNOME Look: Wooden wall [Buildings]

(posted on Wednesday March 22, 2017 at 22:19 AWST)

Wooden wall
(Buildings)
Part of old wooden wall (and window) Full resolution 4726x3151 Canon EOS 5D Mark II F/5.6 1/400 ISO-100

GNOME Look: Sunset over Rödön [Landscapes]

(posted on Wednesday March 22, 2017 at 22:19 AWST)

Sunset over Rödön
(Landscapes)
Sunset over Rödön island, Sweden - Early autumn 2016 Full resolution 4783×3189 Canon EOS 5D Mark II F/32 75mm ISO100

GNOME Look: Just Colors [Icon Themes]

(posted on Wednesday March 22, 2017 at 19:27 AWST)

Just Colors
(Icon Themes)
Just Colors Icon theme. Uses elements of Vibrancy-Colors,Faenza. Colors Blue Brown Green Purple Red

GNOME Look: Bit of Color [Icon Themes]

(posted on Wednesday March 22, 2017 at 18:32 AWST)

Bit of Color
(Icon Themes)
Icon Theme Bit of Color Bit of Color icon theme. Uses elements of Vibrancy-Colors,Faenza. Colors Blue Green Orange Purple Red

Ubuntu Security Notices: Webinar: How to ensure the ongoing security compliance of Ubuntu 12.04

(posted on Wednesday March 22, 2017 at 17:53 AWST)

Many enterprises still run Ubuntu 12.04 LTS but updates will end soon.

Date:   22 March, 2017
Time:   4pm GMT / 12pm EDT / 9am CDT
Speaker: Dustin Kirkland, Ubuntu Product and Strategy Lead at Canonical

Ubuntu 12.04 LTS users are encouraged to upgrade to 14.04 LTS or 16.04 LTS. For some this is easy but for others, particularly for larger deployments, upgrading can be complex.

By joining this live webinar you will learn:

  • How Ubuntu 12.04 LTS users will be impacted after April 25th, 2017
  • Upgrading strategies for 12.04 LTS systems to 14.04 LTS or 16.04 LTS
  • How to extend security maintenance for 12.04 LTS with Ubuntu Advantage

We encourage Q&A throughout, so please submit your questions when you register, and also bring more to the webinar!

Register for the webinar

GNOME Look: Gears [Icon Themes]

(posted on Wednesday March 22, 2017 at 17:44 AWST)

Gears
(Icon Themes)
Gears. A modification of icon themes by sebastianblonde, jmsoviet, gardmo, pawanyadav, EepSetiawan. 16037 icons in total in apps. Maximum compatibility with MATE, KDE, XFCE, Deepin. Download: after going to the download page, click the download button. The preview button does not work because this is an archive.

Ubuntu Security Notices: Distributing a ROS system among multiple snaps

(posted on Wednesday March 22, 2017 at 16:00 AWST)

This is a guest post by Kyle Fazzari, Engineer at Canonical. If you would like to contribute a guest post, please contact ubuntu-devices@canonical.com

One of the key tenets of snaps is that they bundle their dependencies. The fact that they’re self-contained helps their transactional-ness: upgrading or rolling back is essentially just a matter of unmounting one snap and mounting the other. However, historically this was also one of their key downsides: every snap must be standalone. Fortunately, snapd v2.0.10 saw the addition of a content interface that could be used by a producer snap to make its content available for use by a consumer snap. However, that interface was very difficult to utilize when it came to ROS due to ROS’s use of workspaces for both building and running. At long last, support is landing in Snapcraft for building a ROS system that is distributed among multiple snaps, and I wanted to give you a preview of what that will look like.

Why would you want to do that?
Like I said, snaps bundling their dependencies is typically a good thing, and this applies to ROS-based snaps as well. Having an entire ROS system in a single snap that updates transactionally is awesome, and useful for most deployment cases. However, there are some use-cases where this breaks down.

For example, say I’m manufacturing an unmanned aerial vehicle. I want to sell it in such a state that it’s only capable of being piloted via remote control. This is done with a ROS system, which in a simple world would be made up of:

  • One node to act as a driver for the RC radio
  • One node to drive the motors
  • Launch file to connect the two

You get the idea. In addition to that basic platform, I want my users to be able to buy add-on packs. For example, perhaps the vehicle includes a GPS sensor (as well as basic pose sensors). I’d like to sell an add-on pack that adds a very basic “fly here” autopilot, or perhaps a “follow me” mode. That’s another ROS system, perhaps something like:

  • One node to act as a driver for the GPS
  • One node (or perhaps a few) to act as a driver for the pose sensors
  • One node to plan a path
  • One node to take the path and turn it into motor controls
  • A launch file to bring up this system

If we build both of these snaps to be standalone, we quickly run into issues:

  • Lots of duplication between them, as the autopilot snap will need to include most of the base behavior snap
  • They both include (and will try to launch) their own roscore
  • The duplicated snaps in each will try to access their respective hardware. This is a race condition: the first one up will win, the second will die. Or, depending on the hardware interface, they’ll both control it. That’s fun.

Using content sharing, we can actually make the autopilot snap depend upon and utilize the base behavior snap.

Alright, what does this look like?

Let’s simplify our previous example into two snaps: a “ros-base” snap that includes the typical stuff: roscore, roslaunch, etc., and a “ros-app” snap that includes packages that actually do something, specifically the classic talker/listener example. A quick reminder: this will only be possible in Snapcraft v2.28 or later.

Create ros-base
To create the base snap, create a snap/snapcraft.yaml file with the following contents:

name: ros-base
version: '1.0'
grade: stable
confinement: strict
summary: ROS Base Snap
description: Contains roscore and basic ROS utilities.

slots:
  # This is how we make a part of this snap readable by other snaps.
  # Consumers will need to access the PYTHONPATH as well as various libs
  # contained in this snap, so share the entire $SNAP, not just the ROS
  # workspace.
  ros-base:
    content: ros-base-v1
    interface: content
    read: [/]
 

parts:
  ros-base:
    plugin: catkin
    rosdistro: kinetic
    include-roscore: true
    catkin-packages: [] 

That’s it. Run snapcraft on it, and after a little time you’ll have your base snap (the “provider” snap regarding content sharing). This particular example doesn’t do a whole lot by itself, so let’s move on to our ros-app snap (the “consumer” snap regarding content sharing).

Create ros-app

The starting point for ros-app is the current standalone ROS demo. We’ll use the exact same ROS workspace, but we’ll add a few more things and tweak the YAML a bit.

The recommended way to build a “consumer” snap (assuming it has a build-time dependency on the content shared from the “producer” snap, which ros-app does indeed have on ros-base) is to create a tarball of the producer’s staging area, and use it as a part to build the consumer.

Concretely, we can tar up the staging area of ros-base and use it to build ros-app, but then filter it out of the final ros-app snap (so as to not duplicate the contents of ros-base).

So let’s do that now. cd into the directory containing the now-built ros-base snap, tar up its staging area, then move it off into the ros-app area:

$ tar cjf ros-base.tar.bz2 stage/
$ mv ros-base.tar.bz2 /path/to/ros-app

Now, in /path/to/ros-app alter the snap/snapcraft.yaml to look something like this:

name: ros-app
version: '1.0'
grade: stable
confinement: strict
summary: ROS App Snap
description: Contains talker/listener ROS packages and a .launch file.

plugs:
  # Mount the content shared from ros-base into $SNAP/ros-base
  ros-base:
    content: ros-base-v1
    interface: content
    target: /ros-base

apps:
  launch-project:
    command: run-system
    plugs: [network, network-bind, ros-base]

parts:
  # The `source` here is the tarred staging area of the ros-base snap.
  ros-base:
    plugin: dump
    source: ros-base.tar.bz2
    # This is only used for building-- filter it out of the final snap.
    prime: [-*]

  # This is mostly unchanged from the standalone ROS example. Notable
  # additions are:
  #  - Using Kinetic now (other demo is Indigo)
  #  - Specifically not including roscore
  #  - Making sure we're building AFTER our underlay
  #  - Specifying the build- and run-time paths of the underlay
  ros-app:
    plugin: catkin
    rosdistro: kinetic
    include-roscore: false
    underlay:
      # Build-time location of the underlay
      build-path: $SNAPCRAFT_STAGE/opt/ros/kinetic

      # Run-time location of the underlay
      run-path: $SNAP/ros-base/opt/ros/kinetic
    catkin-packages:
      - talker
      - listener
    after: [ros-base]

  # We can't just use roslaunch now, since that's contained in the
  # underlay. This part will tweak the environment a little to
  # utilize the underlay.
  run-system:
    plugin: dump
    stage: [bin/run-system]
    prime: [bin/run-system]

  # We need to create the $SNAP/ros-base mountpoint for the content
  # being shared.
  mountpoint:
    plugin: nil
    install: mkdir $SNAPCRAFT_PART_INSTALL/ros-base 

Other than the ROS workspace in src/ (which remains unchanged from the other demo so we won’t discuss it here), we need to create a bin/run-system executable that looks something like this:

Why is this needed? Because the Catkin plugin can only do so much for you. The ros-base snap includes various python modules and libs outside of its ROS workspace that ros-app needs, so we extend the PYTHONPATH and LD_LIBRARY_PATH to utilize them.

From there, it’s as easy as running roslaunch (which by the way is contained in ros-base).
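An added example of a bin/run-system script that follows the description above; it is not the author's original script, whose listing is missing from this page. The three sub-paths inside ros-base (Python 2.7, amd64) and the launch file name are assumptions. It also refuses to start while the content interface is unconnected and never writes an empty LD_LIBRARY_PATH element, which the dynamic linker treats as the current directory.

```shell
#!/bin/sh
# bin/run-system for ros-app. Added example, not the original post's script.

# Append directory $2 to the colon-separated list $1 without creating an
# empty element. The dynamic linker treats an empty LD_LIBRARY_PATH element
# as the current working directory, so a plain "$VAR:$dir" with VAR unset
# would let libraries load from wherever the app happens to be started.
append_path() {
    if [ -z "$1" ]; then
        printf '%s\n' "$2"
    else
        printf '%s:%s\n' "$1" "$2"
    fi
}

# True when the ros-base content is mounted at $1. Before `snap connect`
# the mountpoint created by the "mountpoint" part is an empty directory.
underlay_connected() {
    [ -d "$1/opt/ros/kinetic" ]
}

# Extend PYTHONPATH and LD_LIBRARY_PATH with the parts of ros-base that live
# outside its ROS workspace. The three sub-paths are assumptions about the
# ros-base layout (Python 2.7, amd64), not values from the post.
setup_underlay_env() {
    base=$1
    PYTHONPATH=$(append_path "${PYTHONPATH:-}" "$base/usr/lib/python2.7/dist-packages")
    LD_LIBRARY_PATH=$(append_path "${LD_LIBRARY_PATH:-}" "$base/usr/lib")
    LD_LIBRARY_PATH=$(append_path "$LD_LIBRARY_PATH" "$base/usr/lib/x86_64-linux-gnu")
    export PYTHONPATH LD_LIBRARY_PATH
}

main() {
    base="$SNAP/ros-base"
    if ! underlay_connected "$base"; then
        echo "ros-base content missing at $base; run:" >&2
        echo "  sudo snap connect ros-app:ros-base ros-base:ros-base" >&2
        return 1
    fi
    setup_underlay_env "$base"
    # roslaunch itself comes from ros-base. The package and launch file
    # names are assumed; use the ones in your workspace.
    exec roslaunch listener talk_and_listen.launch
}

# snapd sets $SNAP for every app it starts; outside a snap do nothing.
if [ -n "${SNAP:-}" ]; then
    main "$@"
fi
```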

Run snapcraft on this, and after a few minutes (fairly quick since it’s re-using the base’s staging area to build) you’ll have a ros-app snap.

So now I have two ROS snaps. Now what?

You now have your ROS system split between multiple snaps. The first step is to install both snaps:

$ sudo snap install --dangerous ros-base_1.0_amd64.snap
ros-base 1.0 installed
$ sudo snap install --dangerous ros-app_1.0_amd64.snap
ros-app 1.0 installed

Now take a look at snap interfaces:

$ snap interfaces
Slot                      Plug
ros-base:ros-base         -
:alsa                     -
:avahi-observe            -
...

...
-                         ros-app:ros-base 

You’ll see that ros-base:ros-base is an available slot, and ros-app:ros-base is an available plug. This interface is currently not connected, so content sharing is not yet taking place. Let’s connect them:

$ sudo snap connect ros-app:ros-base ros-base:ros-base

Taking another look at snap interfaces, you can see they're now connected:

$ snap interfaces
Slot                      Plug
ros-base:ros-base         ros-app
:alsa                     -
:avahi-observe            -
...

And now you can launch this ROS system you now have distributed between two snaps:

$ ros-app.launch-project

NODES
  /
    listener (listener/listener_node)
    talker (talker/talker_node)

process[talker-2]: started with pid [10649]
process[listener-3]: started with pid [10650]
[ INFO] [1487121136.757225517]: Hello world 0
[ INFO] [1487121136.860879281]: Hello world 1
[ INFO] [1487121136.960885723]: Hello world 2
[ INFO] [1487121137.057481265]: Hello world 3
[INFO] [1487121137.058298]: I heard Hello world 3

Conclusion

Multiple ROS users have mentioned that the fact that a ROS snap must be completely self-contained is a problem. Typically it either interferes with their workflow or their business plan. We’ve heard you! We can’t pretend that the snap world of isolated blobs and the ROS world of workspaces merge perfectly, but the content interface takes a big step toward blending these two worlds, and the new features in Snapcraft’s Catkin plugin hopefully make it as easy as possible to utilize.

I personally look forward to seeing what you do with this!

Original guest post can be found here

SC Magazine: Accenture wins first lucrative Centrelink WPIT deal

(posted on Wednesday March 22, 2017 at 09:53 AWST)

Beats Capgemini.

SC Magazine: 'Corrupt' former NSW uni IT manager charged

(posted on Wednesday March 22, 2017 at 09:14 AWST)

ICAC succeeds in getting DPP to prosecute.

GNOME Look: macOS shell Theme [Gnome Shell Themes]

(posted on Wednesday March 22, 2017 at 09:03 AWST)

macOS shell Theme
(Gnome Shell Themes)
A macOS-like GNOME shell theme.

WHAT'S NEW

  • GNOME 3.24 COMPATIBLE
  • Made some changes to the pop-up menu (calendar + notification menu) for compatibility with GNOME 3.24. Therefore some changes may have happened to the pop-up menu on previous versions of GNOME (3.22, 3.20, etc.). If something looks weird, please inform me about it, because I have no way to test this on previous GNOME versions.
  • TESTED ONLY ON GNOME 3.24

That launcher icon (rocket icon) is stolen from the La-Capitaine icon theme ;) Based on the original MacBuntu theme. Please comment with your suggestions, complaints and everything. Special thanks: Noobslab team.

NOTE: Only for GNOME desktop. Recommended GTK+ theme: Gnome-OSX. Recommended icon theme: La-Capitaine. Recommended cursor theme: Capitaine. Thanks for reading the product description.

SC Magazine: Nasdaq to bring machine intelligence lab to Australia

(posted on Wednesday March 22, 2017 at 08:47 AWST)

Seeks data scientists.

SC Magazine: Google drops first preview of Android O

(posted on Wednesday March 22, 2017 at 08:40 AWST)

Final code to be released in the third quarter of this year.

SC Magazine: Anti-viruses can be hijacked via legit Windows tool

(posted on Wednesday March 22, 2017 at 08:00 AWST)

DoubleAgent attack hard to defend against.

SC Magazine: Britain follows US to ban big electronics on some flights

(posted on Wednesday March 22, 2017 at 07:40 AWST)

For 'public safety'.

SC Magazine: Apple brings out cheap 9.7-inch iPad

(posted on Wednesday March 22, 2017 at 04:20 AWST)

Mid-season refresh to reanimate slow tablet sales.

Tuesday March 21, 2017

GNOME Look: Athansia [Icon Themes]

(posted on Tuesday March 21, 2017 at 23:45 AWST)

Athansia
(Icon Themes)
Fresh version of Adwaita for you!
