Monday August 29, 2016

Slashdot: How G.E. Is Transforming Into An IoT Start-Up

(posted on Monday August 29, 2016 at 07:00 AWST)

Slashdot reader mspohr shares an article about "General Electric 're-inventing' itself as a software start-up." Jeffrey R. Immelt, the CEO of America's largest manufacturer, describes how he realized that data collected from their machines -- like turbines, engines, and medical-imaging equipment -- could be as valuable as the machines themselves. Now G.E. is hiring software engineers and data scientists from Amazon, Apple, Facebook and Google to try to transform the company into a "124-year-old startup" to take advantage of the Internet of Things and offer futuristic new services like predictive maintenance. The Times calls it "the next battlefield as companies fight to develop the dominant software layer that connects the machines," adding that by 2020 there will be 100 times as much data flowing from G.E.'s machines. Now G.E. Digital is using the open source PaaS, Cloud Foundry, to develop Predix, a cloud-based operating system for industrial applications like monitoring and adjusting equipment in the field, whether it's an oil-field rig or a wind-farm turbine. To help transform the company into a digital powerhouse, they're building a 1,400-employee complex in San Ramon, California "designed to suit the free-range working ways of software developers: open-plan floors, bench seating, whiteboards, couches for impromptu meetings, balconies overlooking the grounds and kitchen areas with snacks." And they've also launched the Industrial Dojo program "to accelerate the ability for developers to contribute code that enables the Industrial Internet".

Read more of this story at Slashdot.

Latest Kernel Versions: 4.8-rc4: mainline

(posted on Monday August 29, 2016 at 06:04 AWST)

Version:4.8-rc4 (mainline)
Released:2016-08-28
Source:linux-4.8-rc4.tar.xz
PGP Signature:linux-4.8-rc4.tar.sign
Patch:patch-4.8-rc4.xz

Slashdot: Recent College Grads Aim To Land A Robot On The Moon

(posted on Monday August 29, 2016 at 05:50 AWST)

Sunday the Indian Space Research Organization successfully test-launched a scramjet rocket, propelled by "an air-breathing propulsion system which uses hydrogen as fuel and oxygen from the atmosphere air as the oxidizer" rather than carrying a tank of liquid oxygen. "if the need for liquid oxygen is taken away, the space craft can be much lighter, hence cheaper to launch," notes one newspaper, adding that India is only the fourth country to flight-test a scramjet engine after the U.S., Russia and the European Space Agency. But in addition, 15 former ISRO scientists are now helping Team Indus, one of the 16 teams remaining in Google's $30 million Lunar XPRIZE competition, who will use ISRO's polar satellite launch vehicle to send their spacecraft to the moon. GillBates0 writes: An official designated as "Skywalker", said that such space missions used to be limited to extremely elite people and PhDs in the past. That stereotype is now breaking. "I was just a college student a couple of years ago and now I am working on an actual space mission, how cool is that," said Karan Vaish, 23, who is helping the team to design the lunar rover. Eighty per cent of the team is reported to be less than five years out of college.

Read more of this story at Slashdot.

Slashdot: Ask Slashdot: What's The Best Way To Backup Large Amounts Of Personal Data?

(posted on Monday August 29, 2016 at 04:50 AWST)

An anonymous Slashdot reader has "approximately two terabytes of photos, currently sitting on two 4-terabyte 'Intel Rapid Storage' RAID 1 disks." But now they're considering three alternatives after moving to a new PC: a) Keep these exactly as they are... The current configuration is OK, but it's a pain if a RAID re-sync is needed as it takes a long time to check four terabytes. b) Move to "Storage Spaces". I've not used Storage Spaces before, but reports seem to show it's good... It's a Good Thing that the disks are 100% identical and removable and readable separately. Downside? Unknown territory. c) Break the RAID, and set up the second disk as a file-copied backup... [This] would lose a (small) amount of resilience, but wouldn't suffer from the RAID-sync issues, ideally a Mac-like "TimeMachine" backup would handle file histories. Any recommendations? This is also a good time to share your experiences with Storage Spaces, so leave your answers in the comments. What's the best way to backup large amounts of personal data?

Read more of this story at Slashdot.

Slashdot: Welcome To 1986: Inside 'Halt And Catch Fire's' High-Tech Time Machine

(posted on Monday August 29, 2016 at 03:50 AWST)

The third season of AMC's technology drama "Halt and Catch Fire" painstakingly recreated Silicon Valley and San Francisco in 1986. Long-time Slashdot reader harrymcc shares his first-person report: The new episodes...are rich with carefully-researched plot points, dialogue, and sets full of vintage technology (including a startup equipped with real Commodore 64s and a recreated IBM mainframe). I visited the soundstage in Atlanta where the producers have recreated Northern California in the 1980s, and spoke with the show's creators and stars about the loving attention they devote to getting things right. Harry argues that the show "is in part about how we got from the past to the present," and writes that he saw several 5 1/4-inch floppy disks "including Memorex, 3M, and BASF FlexyDisk," plus "a manual for Frogger for the Atari 2600, a copy of a spreadsheet program known as MicroPro CalcStar...and countless other little pieces of history."

Read more of this story at Slashdot.

Slashdot: 100 Arrested In New York Thanks To Better Face-Recognition Technology

(posted on Monday August 29, 2016 at 02:50 AWST)

New York doubled the number of "measurement points" used by their facial recognitation technology this year, leading to 100 arrests for fraud and identity theft, plus another 900 open cases. An anonymous reader quotes a report from Ars Technica: In all, since New York implemented facial recognition technology in 2010, more than 14,000 people have been hampered trying to get multiple licenses. The newly upgraded system increases the measurement points of a driver's license picture from 64 to 128. The DMV said this vastly improves its chances of matching new photographs with one already in a database of 16 million photos... "Facial recognition plays a critical role in keeping our communities safer by cracking down on individuals who break the law," Gov. Andrew M. Cuomo said in a statement. "New York is leading the nation with this technology, and the results from our use of this enhanced technology are proof positive that its use is vital in making our roads safer and holding fraudsters accountable." At least 39 US states use some form of facial recognition software, and New York says their new system also "removes high-risk drivers from the road," stressing that new licenses will no longer be issued until a photo clears their database.

Read more of this story at Slashdot.

Slashdot: Players Seek 'No Man's Sky' Refunds, Sony's Content Director Calls Them Thieves

(posted on Monday August 29, 2016 at 01:51 AWST)

thegarbz writes: As was covered previously on Slashdot the very hyped up game No Man's Sky was released to a lot of negative reviews about game-crashing bugs and poor interface choices. Now that players have had more time to play the game it has become clear that many of the features hyped by developers are not present in the game, and users quickly started describing the game as "boring". Now, likely due to misleading advertising, Steam has begun allowing refunds for No Man's Sky regardless of playtime, and there are reports of players getting refunds on the Play Station Network as well despite Sony's strict no refund policy. Besides Sony, Amazon is also issuing refunds, according to game sites. In response, Sony's former Strategic Content Director, Shahid Kamal Ahmad, wrote on Twitter, "If you're getting a refund after playing a game for 50 hours you're a thief." He later added "Here's the good news: Most players are not thieves. Most players are decent, honest people without whose support there could be no industry." In a follow-up he acknowledged it was fair to consider a few hours lost to game-breaking crashes, adding "Each case should be considered on its own merits and perhaps I shouldn't be so unequivocal."

Read more of this story at Slashdot.

Slashdot: 'Longest Living Human' Says He Is Ready For Death At 145

(posted on Monday August 29, 2016 at 00:50 AWST)

Slashdot reader schwit1 quotes an article from The Telegraph: An Indonesian man who claims to be the longest living human in recorded history has described how he "just wants to die". Mbah Gotho, from Sragen in central Java, was born on December 31, 1870, according to the date of birth on his identity card. Now officials at the local record office say they have finally been able to confirm that remarkable date as genuine. If independently confirmed, the findings would make Mr Gotho a staggering 145 years old -- and the longest lived human in recorded history. "One of Mr Gotho's grandsons said his grandfather has been preparing for his death ever since he was 122," according to the article. Though he lived long enough to meet his great-great grandchildren, he's already outlived four wives, all 10 of his brothers and sisters, and all of his children.

Read more of this story at Slashdot.

Sunday August 28, 2016

Slashdot: RIP John Ellenby, Godfather of the Modern Laptop

(posted on Sunday August 28, 2016 at 22:30 AWST)

John Ellenby managed the development of the Alto II before starting the company that built the world's first successful "clamshell" laptop. Slashdot reader fragMasterFlash quotes the New York Times: Ellenby, a British-born computer engineer who played a critical role in paving the way for the laptop computer, died on August 17 in San Francisco. He was 75... Mr. Ellenby's pioneering work came to fruition in the early 1980s, after he founded Grid Systems, a company in Mountain View, California. As chief executive, he assembled an engineering and design team that included the noted British-born industrial designer William Moggridge. The team produced a clamshell computer with an orange electroluminescent flat-panel display that was introduced as the Compass. It went to market in 1982. The Compass is now widely acknowledged to have been far ahead of its time. Back in the 1980s, NASA used them as backup navigational devices on the space shuttle -- one was recovered from the wreckage of the Space Shuttle Challenger -- and John Poindexter, America's national security advisor during the Reagan administration, described them as "built like an armored tank". Data storage cost $8,150 -- equivalent to $20,325 today.

Read more of this story at Slashdot.

Slashdot: New Ransomware Poses As A Windows Update

(posted on Sunday August 28, 2016 at 21:30 AWST)

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background... The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions. While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."

Read more of this story at Slashdot.

Slashdot: Kim Dotcom Will Revive Megaupload, Linking File Transfers To Bitcoin Microtransactions

(posted on Sunday August 28, 2016 at 19:30 AWST)

Long-time Slashdot reader SonicSpike quotes an article from Fortune: The controversial entrepreneur Kim Dotcom said last month that he was preparing to relaunch Megaupload, the file-sharing site that U.S. and New Zealand authorities dramatically shut down in 2012, with bitcoins being involved in some way... This system will be called Bitcache, and Dotcom claimed its launch would send the bitcoin price soaring way above its current $575 value. The launch of Megaupload 2.0 will take place on January 20, 2017, he said, urging people to "buy bitcoin while cheap, like right now, trust me..." Crucially, Dotcom said the Bitcache system would overcome bitcoin's scaling problems. "It eliminates all blockchain limitations," he claimed. Every file transfer taking place over Megaupload "will be linked to a tiny Bitcoin micro transaction," Dotcom posted on Twitter. His extradition trial begins Monday, and he's asking the court to allow live-streaming of the trial "because of global interest in my case." Meanwhile, the FBI apparently let the registration lapse on the Megaupload domain, which they seized in 2012, and Ars Technica reports that the site is now full of porn ads.

Read more of this story at Slashdot.

Slashdot: EU Copyright Reform Proposes Search Engines Pay For Snippets

(posted on Sunday August 28, 2016 at 15:30 AWST)

An anonymous Slashdot reader reports that the European Commission "is planning reforms that would allow media outlets to request payment from search engines such as Google, for publishing snippets of their content in search results." The Stack reports: The working paper recommends the introduction of an EU law that covers the rights to digital reproduction of news publications. This would essentially make news publishers a new category of rights holders under copyright law, thereby ensuring that "the creative and economic contribution of news publishers is recognized and incentivized in EU law, as it is today the case for other creative sectors."

Read more of this story at Slashdot.

Slashdot: Microsoft Lost a City Because They Used Wikipedia Data

(posted on Sunday August 28, 2016 at 11:30 AWST)

"Microsoft can't tell North from South on Bing Maps," joked The Register, reporting that Microsoft's site had "misplaced Melbourne, the four-million-inhabitant capital of the Australian State of Victoria." Long-time Slashdot reader RockDoctor writes: Though they're trying to minimise it, the recent relocation of Melbourne Australia to the ocean east of Japan in Microsoft's flagship mapping application is blamed on someone having flipped a sign in the latitude given for the city's Wikipedia page. Which may or may not be true. But the simple stupidity of using a globally-editable data source for feeding a mapping and navigation system is ... "awesome" is (for once) an appropriate word. Well, it's Bing, so at least no-one was actually using it. "Bing's not alone in finding Australia hard to navigate," reports The Register. "In 2012 police warned not to use Apple Maps as it directed those seeking the rural Victorian town of Mildura into the middle of a desert."

Read more of this story at Slashdot.

Slashdot: Apple Fixes Three Zero Days Used In Targeted Attack

(posted on Sunday August 28, 2016 at 09:30 AWST)

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them. The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Read more of this story at Slashdot.

Slashdot: Japanese Government Plans Cyber Attack Institute

(posted on Sunday August 28, 2016 at 08:30 AWST)

An anonymous reader quotes a report from The Stack: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan's Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks. A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

Read more of this story at Slashdot.

Slashdot: 'Social Media ID, Please?' Proposed US Law Greeted With Anger

(posted on Sunday August 28, 2016 at 07:30 AWST)

The U.S. government announced plans to require some foreign travelers to provide their social media account names when entering the country -- and in June requested comments. Now the plan is being called "ludicrous," an "all-around bad idea," "blatant overreach," "desperate, paranoid heavy-handedness," "preposterous," "appalling," and "un-American," reports Slashdot reader dcblogs: That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from "visa waiver" countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand... In a little twist of irony, some critics said U.S. President Obama's proposal for foreign travelers is so bad, it must have been hatched by Donald Trump. "Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities," reports Computer World. "It's technically an 'optional' request, but since it's the government asking, critics believe travelers will fear consequences if they ignore it..."

Read more of this story at Slashdot.

Saturday August 27, 2016

EEV Blog: EEVblog #916 – Work Bench Lighting From A Dumpster LCD TV

EEV Blog (posted on Saturday August 27, 2016 at 16:17 AWST)

How to scrap a dumpster LCD TV to get work bench or architrave lighting.
A look at the LED’s used and the lens system for direct backlit panels.
Also looking at the diffusion and prism layers of typical LCD TV’s.

LED LCD Panel Teardown Video

Forum HERE

Comments

EEV Blog: EEVblog #915 – Dumpster Dive LCD TV Salvage

EEV Blog (posted on Saturday August 27, 2016 at 16:12 AWST)

Turning a dumpster dive 50″ LG LCD TV into a light panel
Fun with a spectrometer, and light meter measurements.
Also looking at the diffusion and prism layers of typical LCD TV’s.

Part 2 HERE

LED LCD Panel Teardown VIDEO

3M Brightness Enhancement Films

Forum HERE

Comments

pfSense: 2.4 pre-alpha snapshots now available.

(posted on Saturday August 27, 2016 at 06:32 AWST)

pfSense® software version 2.4 pre-alpha snapshots are now available.

pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.

More work at “reduction of technical debt” is occurring in 2.4.  We have decided to not carry forward the kernel patches for Captive Portal.  Instead, it is being re-written to use stock IPFW.  That work is only about 75% complete.  Simultaneously, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:

There appears to be a bug in pf (likely due to the interaction of one of our patches).  This only manifests under high usage.

New features and changes are listed here.

Full change list:
source and build tools
ports
FreeBSD source

Outstanding bugs/features/todo items:
Everything else

We advise that you do not use this on a production system yet. If you have the time and interest, we encourage you to try this on a scratch system or VM and provide feedback for any issues you find.

Comments

Friday August 26, 2016

SC Magazine: Australian data breach alerts bill to hit parliament

(posted on Friday August 26, 2016 at 15:36 AWST)

Will Australia finally get a notification scheme?

SC Magazine: WA's alcohol interlocks delayed by sluggish IT

(posted on Friday August 26, 2016 at 14:54 AWST)

Two-year wait blamed on upgrade backlog.

SC Magazine: US court convicts Russian politician's son for hacking

(posted on Friday August 26, 2016 at 09:49 AWST)

Stole 2.9 million credit card numbers.

SC Magazine: WhatsApp to share phone numbers with Facebook

(posted on Friday August 26, 2016 at 08:45 AWST)

First big shift in privacy policy.

SC Magazine: NBN Co shrinks HFC footprint, expands FTTN rollout

(posted on Friday August 26, 2016 at 07:33 AWST)

Time running out for more funding.

SC Magazine: Apple issues emergency patch for exploited iOS zero-days

(posted on Friday August 26, 2016 at 07:00 AWST)

‘Trident’ vulnerability used to attack media and activists.

SC Magazine: Canberra is losing the 'treasured people' keeping legacy IT alive

(posted on Friday August 26, 2016 at 04:30 AWST)

Will a new generation fill their shoes in time?

SC Magazine: QUU CIO poached by Uniting Care

(posted on Friday August 26, 2016 at 04:03 AWST)

Nina Du Thaler will tackle NDIS challenges.

Thursday August 25, 2016

Ubuntu Security Notices: 25 Linux devices to celebrate 25 years of Linux!

(posted on Thursday August 25, 2016 at 22:52 AWST)

linux-logo
Happy 25th birthday Linux. It’s a monumental milestone!

Over the years Canonical has been working on putting Linux in the hands of millions of people and worked with various hardware vendors to release over 1000 models of Linux hardware (!)

Today we’re celebrating by showcasing 25 Ubuntu devices released over the years from laptop, netbook, tower computer, phone, tablets, development boards, drones to robotic spiders. We hope you enjoy the list – there are some golden oldies – and we look forward to the next 25 years!

Plus if you have a favourite device from the list (or not), why not let us know by tweeting #UbuntuDevices – enjoy!

25 Ubuntu Devices

1. system 76 v.2 1. System 76 (June 2005) System76 was the first hardware vendor to offer packaged Ubuntu laptops, desktops and servers!
2. dell mini 2. Dell Inspiron Mini 9 (Sep 2008) The Dell Inspiron Mini Series was a line of subnotebook/netbook computers designed by Dell
3. ZaReason Verix 545 (Jun 2010) ZaReason only makes Linux computers
3. hp 4. HP mini 5103 (Sep 2010) Another netbook!
4. hp 5. Hp compaq 4000 (Jan 2011) A stable and reliable PC mainly for business use
5.wyse 6. Dell Wyse T50 (Sep 2011) Fast and affordable thin client for Cloud Client Computing Deployments
7. Asus Eee PC 1015CX – (March 2012) Netbooks are still in favour… getting smaller and cheaper!
8. Acer Veriton Z (Jan 2013) One of the many towers running Ubuntu
9. Turtlebot 2 (March 2013) The 2nd iteration of the robotic development platform
8. bq e45 10. BQ E4.5 (Feb 2015) And here it is – our very first Ubuntu Phone!
9.rpi2b 11. Raspberry Pi 2 (Feb 2015) A collaboration with the Raspberry Pi Foundation where Snappy Ubuntu Core is available for the Raspberry Pi 2
10.Meizu mx4 12. Meizu MX4 (July 2015) Our first release with Chinese partners, Meizu
13.Lenovo 13. Lenovo Thinkpad L450 (July 2015) Continually shipping Ubuntu pre-installed on laptops worldwide
14.Intel 14. Intel Compute Stick (July 2015) Enabling the transformation of a display into a fully functioning computer for home use or digital signage!
15. Erle spider 15. Erle Spider (Sep 2015) The first legged drone powered by ROS and running snappy Ubuntu Core
16. Dell XPS 15 (October 2015) The second iteration of this laptop built for developers who need powerful Linux desktop!
16. robotics 17. Robotics OP2 (Oct 2015) All we can say is, he was a hit at MWC 16!
17.DJI 18. DJI Manifold (Nov 2015) A high-performance embedded computer designed specifically to fly
18. bq m10 19. BQ Aquaris M10 (Feb 2016) Reinventing the personal mobile computing experience with our first converged device
19. meizu pro 5 20. Meizu PRO 5 (Feb 2016) Our most powerful phone to date!
20.Nuc 21. Intel NUC (Feb 2016) A platform for developers to test and create x86-based IOT solutions using snappy Ubuntu Core also used for digital signage solutions
samsung 22. Samsung Artik 5+10 (May 2016) Developer images available on 2x boards!
22.Bubblegum 23. Bubblegum 96 board (July 2016) Image of Ubuntu Core available for uCRobotics on this awesome board
23. mycroft 24. Mycroft (July 2016) The open source answer to natural language platform
24. intel 25. Intel Joule board (Aug 2016) A new development board in the Ubuntu family, targetting IoT and robotics makers

Want to find out how to develop for all these great devices? Develop with Ubuntu

Comments

Netcraft: August 2016 Web Server Survey

(posted on Thursday August 25, 2016 at 16:15 AWST)

In the August 2016 survey we received responses from 1,153,659,413 sites and 5,980,524 web-facing computers. This reflects an increase of 80 million sites, but a loss of 78,000 computers.

While the overall number of sites increased this month, this growth was not felt evenly by each web server vendor: Microsoft gained the largest number of sites with an increase of 66 million, while second-placed Apache lost 41 million sites. Tengine, the nginx-based web server from Chinese online shopping giant Taobao, gained 28 million sites.

Whilst there were large changes in total number of sites, these were accompanied by much more modest changes in active sites – a more stable metric designed to ignore automatically generated bulk content. Apache and Microsoft both suffered small drops in the number of active sites, -0.5% and -0.8% respectively, whilst Tengine and nginx gained 120,000 (7.3%) and 81,000 (0.2%).

The majority of this month’s drop in web facing computers were running Apache, with a decrease of just over 107,000 (3.8%) using the open-source server. One of the primary contributors to this drop was the loss of a large number of consumer-NAS devices running Apache. While these devices have steadily increased in number since the start of 2016, this month has seen a marked decline. These devices are mostly connected via home internet lines and are therefore likely to come and go from month to month. As a result, the Apache losses this month are spread over a large number of consumer ISPs. On the other hand, Apache continued to see growth amongst web hosting providers.

A gain of 24,000 web-facing computers for nginx, the largest gain in web facing computers this month, once more boosts its market share, which now stands at 17.0%. Microsoft also experienced a small increase in market share, despite its loss of 4,000 web-facing computers, given Apache’s large loss this month.

Windows Server 2016 — which will be the main platform for Microsoft IIS 10.0 — is edging closer to its official launch at Microsoft's Ignite conference in September. In the meantime, developers can try out many of the new features in IIS 10 by either installing the latest Windows Server 2016 Technical Preview 5, or by installing the self-contained IIS 10.0 Express on Windows 7 SP1 or later.

More than 11,000 websites are already using Microsoft IIS 10.0, with almost all of these sites using a version of Windows Server 2016.

The previous month saw two new releases of the mainline version of nginx, mostly incorporating bug fixes and feature additions, while the release of Apache 2.4.23 addressed a security issue which could have allowed clients to gain unauthorised access to protected resources if a server was configured to use HTTP/2.

Several web servers were also updated following the disclosure of a set of vulnerabilities dubbed httpoxy. These vulnerabilities can affect web applications running in CGI or CGI-compatible environments.

The vulnerability stems from a simple namespace conflict where the client-provided HTTP Proxy header was placed into an HTTP_PROXY environment variable as is the custom for CGI applications; but where HTTP_PROXY was trusted by the application and used to configure an outgoing proxy.

This type of vulnerability was first discovered in libwww-perl more than 15 years ago, but in July it was found to be still exploitable in PHP and many other modern languages and libraries. Successful exploitation of these issues could allow a remote attacker to proxy outgoing HTTP requests made by a vulnerable web application, which may expose sensitive data.

To mitigate the httpoxy vulnerability, Apache 2.4.24-dev avoids populating the HTTP_PROXY variable from a Proxy header in httpd CGI environments. Similar mitigations have also been implemented in Lighttpd 1.4.41 and LiteSpeed, while nginx and Varnish have published mitigation advice.

Total number of websites

Web server market share

DeveloperJuly 2016PercentAugust 2016PercentChange
Microsoft378,655,75935.26%445,105,75538.58%3.32
Apache340,551,07431.72%300,028,83226.01%-5.71
nginx170,896,71615.92%181,606,29715.74%-0.17
Google22,552,9012.10%22,111,4311.92%-0.18
Web server market share for active sites

DeveloperJuly 2016PercentAugust 2016PercentChange
Apache80,607,09646.41%80,179,26946.34%-0.07
nginx37,837,33921.79%37,918,63521.92%0.13
Microsoft17,054,1669.82%16,922,3249.78%-0.04
Google14,859,5178.56%14,918,4948.62%0.07

For more information see Active Sites

Web server market share for top million busiest sites

DeveloperJuly 2016PercentAugust 2016PercentChange
Apache431,80943.18%427,90042.79%-0.39
nginx279,04927.90%281,58928.16%0.25
Microsoft110,20211.02%109,22110.92%-0.10
Google20,6812.07%20,5952.06%-0.01
Web server market share for computers

DeveloperJuly 2016PercentAugust 2016PercentChange
Apache2,832,38446.75%2,725,12945.57%-1.18
Microsoft1,547,44325.54%1,543,21625.80%0.26
nginx994,72116.42%1,019,10917.04%0.62

Ubuntu Security Notices: 25 years on and Linux is still going strong

(posted on Thursday August 25, 2016 at 16:00 AWST)

25_birthday

I embarked on the Linux journey in 2004 when I joined the newly founded Canonical and its not-yet-named Ubuntu team. I knew there was incredible opportunity around Linux but even then it wasn’t clear how pervasive Linux would become in all corners of technology, industry and society. Linux started its journey as a platform for researchers and developers and over the last 25 years it has become the innovator’s production platform across all computing platforms we use today. Perhaps it is fairer to say that the world has become developer-led, and since Linux is the first choice of developers, the world has adopted Linux by default. Servers, mobile, IoT and more all primarily run on Linux because the developers who make the most interesting things generally start on Linux.

Canonical is proud to support Linux with Ubuntu as the developer platform of choice. Enabling developers to be agile and effective is the best way to encourage the next wave of technical innovation. The leaders in drones, robotics, blockchain, artificial intelligence, self driving cars, computer visions are all blazing their trail on Ubuntu today and they are the technologies that will shape our lives in the coming years. Canonical shapes Ubuntu to be the fastest, easiest and most economical way to deliver innovation in real products – from the cloud to the edge of the network.

We’re also incredibly proud to continue to support Linux’s journey as the production platform for the enterprise and telecoms infrastructure we see today. Ubuntu is used in more than 55% of the production OpenStack clouds around the world. Enterprise and Telco deployments on Ubuntu have changed the way business deploys IT infrastructure. And we are already leading on what’s next for the future of cloud computing with NFV, Containerisation, and Machine Learning. On the IoT front we’re reshaping the nature of the device and the software operations experience for distributed computing with Ubuntu Core, built for IoT deployments where transactional upgrades, constrained environments, and security are the primary requirements.

While the cloud runs almost entirely on Linux, we think the desktop remains an important focus for Linux innovation too. Ubuntu started from the desktop, and is still innovating with the creation of a unique experience that converges the mobile and desktop worlds. Containers of all forms – docker, LXD and snap packaging are a new way for developers to design, distribute and run applications across clouds, devices and distributions.

So what does the next 25 years look like? As they say, the future is already here, just not evenly distributed. With machine learning progress going exponential, I think societies in future can expect to put even more trust in software for their everyday needs, and I’m glad that the trend is increasingly in favour of software that is shared, that is free for all to build upon, and that can be examined and improved by anybody. Public benefit depends on private innovation, and the fact that Linux as an open platform exists enables that innovation to come from anywhere. That’s something to celebrate. Happy birthday, Linux!

Comments

SC Magazine: Don’t believe the NSW govt's savings claims: auditor

(posted on Thursday August 25, 2016 at 14:09 AWST)

Review picks holes in digital dividends.

SC Magazine: At 25, Linux has grown up and gone pro

(posted on Thursday August 25, 2016 at 13:43 AWST)

Happy birthday, Penguin.

SC Magazine: Lockheed completes exit from Aussie IT market

(posted on Thursday August 25, 2016 at 09:56 AWST)

Defence, ATO deals officially change hands.

SC Magazine: Windows update breaks PowerShell remote management

(posted on Thursday August 25, 2016 at 09:47 AWST)

Fix coming in a week.

SC Magazine: Macquarie Telecom to bring NOC back in house

(posted on Thursday August 25, 2016 at 09:34 AWST)

Co-locate with customer hub in Sydney.

SC Magazine: Domino's to use drones to deliver pizzas

(posted on Thursday August 25, 2016 at 08:33 AWST)

Teams up with drone delivery firm Flirtey.

SC Magazine: Woolworths makes fixing IT a priority

(posted on Thursday August 25, 2016 at 07:41 AWST)

Claims SAP merchandising systems are now stable.

SC Magazine: All-flash storage slowly making its mark on Aussie enterprise

(posted on Thursday August 25, 2016 at 05:03 AWST)

Adoption is gradually increasing.

SC Magazine: Space weather forecasts to eliminate GPS mistakes

(posted on Thursday August 25, 2016 at 05:02 AWST)

Aussie researchers probe how radio waves are affected by atmosphere.

Wednesday August 24, 2016

Drupal Contrib Security: Workbench Scheduler - Moderately Critical - Access Bypass - SA-CONTRIB-2016-049

(posted on Wednesday August 24, 2016 at 22:47 AWST)

Description

Workbench Scheduler module provides users with the ability to create schedules that change moderated content from one workbench moderation state to another.

An authenticated user could add a schedule to a node even when that content type has schedules disabled.

The vulnerability is mitigated by the fact that a attacker must have access to an account in the system with permission to edit content and create schedules. Also, only sites with a specific combination of permissions and modules are affected.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Workbench Scheduler 7.x-1.x versions prior to 7.x-1.9.

Drupal core is not affected. If you do not use the contributed Workbench Scheduler module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Workbench Scheduler project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 

SC Magazine: NBN prompts Vodafone to mull entry into fixed-line market

(posted on Wednesday August 24, 2016 at 13:11 AWST)

Doesn't rule out acquisitions.

EEV Blog: EEVblog #914 – Sony VAIO UX Micro PC Teardown

EEV Blog (posted on Wednesday August 24, 2016 at 12:55 AWST)

Teardown of the vintage Sony VAIO UX Series Handheld Micro PC
using the Intel Core Solo processor
https://en.wikipedia.org/wiki/Sony_Vaio_UX_Micro_PC

Forum HERE

Datasheets:
IO Controller
Intel 82945GM
Intel Core Solo Processor U1400
PCI8412

Comments

OpenBSD Journal: Reminder: Early registration for EuroBSDcon 2016 ends Aug 24

OpenBSD Journal (posted on Wednesday August 24, 2016 at 12:46 AWST)

EuroBSDcon 2016 (see earlier article) is on from 22 to 25 September 2016, in Belgrade, Serbia.

Early registration ends 2016-08-24 23:59 CEST, so get in now for discounted prices on great (Open)BSD talks and tutorials!

SC Magazine: ANZ Bank's digital chief is the new head of World Vision Australia

(posted on Wednesday August 24, 2016 at 11:28 AWST)

Big sea change for long-time banking exec.

SC Magazine: Woodside's cognitive architecture revealed by IBM

(posted on Wednesday August 24, 2016 at 10:02 AWST)

Relies on three Watson APIs.

EEV Blog: EEVblog #913 – Mailbag

EEV Blog (posted on Wednesday August 24, 2016 at 06:05 AWST)

More Mailbag
Forum HERE

SPOILERS:
Elektor Magazine

Elektor Uno R4
4D Systems uLCD Gen4 LCD modules
Adler 805 1970’s Calculator
5 1/4″ floppy drive Apple II teardown
SolderDoodle USB Rechargeable soldering iron
Open Source Gossen Multimeter USB serial interface
Sony Vaio VGN-UX280P Pocket computer
Epipahn AVIO 4V USB 3.0 video capture teardown
ADV7619
NBN fibre optic modem and UPS teardown
300baud modem teardown
Tektronix 500 series plugin tab replacements

Comments

Tuesday August 23, 2016

Ubuntu Security Notices: Webinar: Industry 4.0 & IoT

(posted on Tuesday August 23, 2016 at 23:38 AWST)

Webinar 3 - CloudPlugs

We’ll be hosting our next webinar on Industry 4.0 and IoT!

This webinar will explore the convergence of Operational and Information technology as one of the key benefits of the Internet of Things; and how to use this convergence as a way to build a new generation of integrated digital supply chains which are the base of Industry 4.0.

The webinar will cover the following topics:

  • Industry 4.0 and IoT Trends
  • Higher efficiency and productivity through end to end integrated digital supply chains
  • New business opportunities for all players in the manufacturing supply chain
  • Real life examples on industrial process improvements through the use of IoT

Sign-up here

About the speaker: Jimmy Garcia-Meza is the co-founder and CEO of CloudPlugs Inc. He has over 20 years of experience running startups and large divisions in private and public U.S. multinational companies. He co-founded nubisio, Inc. a cloud storage company acquired by Bain Capital. He was CEO of FilesX, a backup software company acquired by IBM. He held various executive positions at Silicon Image (SIMG) where he was responsible for driving the world-wide adoption of HDMI. He was a venture director at Index Ventures and held several executive positions at Sun Microsystems where he has in charge of a $1.7B global line of business.

Comments

Ubuntu Security Notices: M10 Travel Light winners!

(posted on Tuesday August 23, 2016 at 23:19 AWST)

140_M10_TravelLight_Comp_v02_#TravelLight (3)

We had an awesome selection of entries for our #TravelLight competition!

Given that the M10 tablet can also be your laptop, saving you 1.5kg compared to the average laptop, we asked you…

What would you take with you on holiday if you had 1.5kg of extra space in your luggage?

Thank you to all those that participated, we had a laugh reading them! It wasn’t easy but we narrowed down our winners to the following:

Primary winners (Prize: M10 Tablet)

Gabriel Lucas

Andrea Souviron

Other winners (Prize: Strauss bluetooth speaker)

Adnan Quaium

Zakaria Bouzid

Bouslikhin saad

Johnny Chin

Bruce Cozine

Learn about the M10

Comments

OpenBSD Journal: SNI support added to libtls, httpd in -current

OpenBSD Journal (posted on Tuesday August 23, 2016 at 08:31 AWST)

Joel Sing (jsing@) has added server-side Server Name Indication (SNI) support to libtls and, based on that, to httpd.

Read more...

Monday August 22, 2016

Ubuntu Security Notices: QTS and Canonical unveil private, fully managed OpenStack cloud

(posted on Monday August 22, 2016 at 17:00 AWST)

QTS-export

OVERLAND PARK, KANSAS, and LONDON, U.K. (August 22, 2016) – Responding to increasing demand for flexible, open source and cost-predictable cloud solutions, QTS Realty Trust, Inc. (NYSE: QTS) and Canonical (the company behind Ubuntu, the leading operating system for container cloud, scale out, and hyperscale computing) announced today a private, fully managed OpenStack cloud solution available from any of QTS’ geographically diverse and highly secure data centers in mid-September.

Built on Ubuntu OpenStack, the world’s most popular OpenStack distribution, and using Canonical’s application modeling service Juju as well as Canonical’s Bare Metal as a Service (MaaS), QTS’ private, fully managed OpenStack cloud enables enterprise customers to perform quick and easy provisioning, orchestration, and management of cloud resources. Examples include:

  • Building software-as-a-service applications, either as new developments or as improvements upon existing solutions.
  • Serving as a base for delivering self-service storage and service on demand to users who need IT services.
  • Delivering object storage or block storage on demand.
  • Saving on licensing fees associated with virtualization technologies.

In addition to the Private Cloud Offering, QTS offer a public, multi-tenant pay-as-you-go OpenStack cloud solution that is self-provisioning, elastic and highly scalable.

“As a leading data center and IT infrastructure services provider, QTS is focused on delivering seamless hybrid cloud hosting solutions using proven, best-in-breed platform technologies,” said Anand Krishnan, Executive Vice President, Canonical Cloud. “We are pleased to support QTS’ delivery of OpenStack solutions that combine the rapid availability and elasticity of compute resources with the security and control their enterprise customers demand to support their mission critical applications and workloads.”

The new OpenStack solution is an important addition to QTS’ expanding portfolio of scalable, secure and compliant IaaS solutions and complements other QTS’ purpose-built clouds serving public sector, healthcare and enterprise workloads.

“QTS OpenStack Cloud is the latest addition as we expand our Infrastructure-as-a-Service (IaaS) offerings to create a one-stop shop for flexible IaaS and hybrid IT solutions that address increasingly diverse customer requirements,” said Jon Greaves, Chief Technology Officer, QTS. “Canonical is an industry leader in OpenStack management and technologies and we look forward to working closely as we unleash OpenStack Cloud solutions across our geographically diverse platform of integrated data centers.”

The fully managed cloud solution is being previewed at OpenStack East in New York City August 23-24 at Canonical booth # H12.

Comments