Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Windows 3.1 Glitch Causes Problems At French Airport -- Wait, 3.1? (vice.com) 406

OakDragon writes: Microsoft has tamped down the earth on XP's grave, steered Internet Explorer toward the nursing home, and is trying to convince everyone Windows 10 is a bright up-and-comer. But in the Paris airport of Orly, a system called DECOR — which helps air traffic controllers relay weather information to pilots — is running on Windows 3.1. That program suffered a glitch recently that grounded planes for some time. The airport actually runs on a variety of old systems, including Windows XP and UNIX. Maintenance is a problem. There are only three people in Paris that work on DECOR issues, and one of them is retiring soon. Hardware is also an issue. "Sometimes we have to go rummaging on eBay to replace certain parts," said Fiacre. "In any case, these machines were not designed to keep working for more than 20 years."

Andrew Tanenbaum Announces MINIXcon (minix3.org) 104

LichtSpektren writes: Andrew Tanenbaum, author of MINIX, writes: 'MINIX has been around now for about 30 years so it is (finally) time for the MINIXers to have a conference to get together, just as Linuxers and BSDers have been doing for a long time. The idea is to exchange ideas and experiences among MINIX 3 developers and users as well as discussing possible paths forward now that the ERC funding is over. Future developments will now be done like in any other volunteer-based open-source project. Increasing community involvement is a key issue here. Attend or give a presentation.' The con will be held on 1 February 2016 at the Vrije Universiteit in Amsterdam, the Netherlands.
GNU is Not Unix

GNU Hurd 0.7 and GNU Mach 1.6 Released 129

jones_supa writes: Halloween brought us GNU Hurd 0.7, GNU Mach 1.6, and GNU MIG 1.6. The new Hurd comes with filesystem driver improvements, provides a new rpcscan utility, and the Hurd code has been ported to work with newer versions of GCC and GNU C Library. The Mach microkernel has updates for compiler compatibility, improvements to the lock debugging infrastructure, the kernel now lets non-privileged users write to a small amount of memory, timestamps are now kept relative to boot time, and there are various bugfixes. MIG 1.6 is a small update which improves compatibility with newer dialects of C programming language. Specific details on all of the updates can be found in the full release announcement. jrepin adds some more details: The GNU Hurd 0.7 improves the node cache for the EXT2 file-system code (ext2fs), improves the native fakeroot tool, provides a new rpcscan utility, and fixes a long-standing synchronization issue with the file-system translators and other components. The GNU Mach 1.6 microkernel also has updates for compiler compatibility, improvements to the lock debugging infrastructure, the kernel now lets non-privileged users write to a small amount of memory, timestamps are now kept relative to boot time, and there are various bug-fixes.

Interviews: Ask Alan Donovan and Brian Kernighan About Programming and Go 185

Alan Donovan is a member of Google’s Go team in New York and holds computer science degrees from Cambridge and MIT. Since 2005, he has worked at Google on infrastructure projects and was the co-designer of its proprietary build system, Blaze. Brian Kernighan is a professor in the Computer Science Department at Princeton University. He was a member of technical staff in the Computing Science Research Center at Bell Labs, where he worked on languages and tools for Unix. He is the co-author of several books, including The C Programming Language, and The Practice of Programming. Recently, the pair have co-authored a soon to be released book titled The Go Programming Language. Alan and Brian have agreed to give us some of their time to answer any questions you may have about the upcoming book, Go, and programming in general. Ask as many questions as you'd like, but please keep them to one per post.

Compromised CCTV and NAS Devices Found Participating In DDoS Attacks (incapsula.com) 64

chicksdaddy writes: The parade of horribles continues on the Internet of Things, with a report from the security firm Incapsula that its researchers discovered compromised closed circuit cameras as well as home network attached storage (NAS) devices participating in denial of service attacks. The compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters.

According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a "rarely-used asset" at a "large cloud service." The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server. The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints.

The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called "brute force dictionary attacks" (aka "password guessing"). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.

Open Source

Celebrating 20 Years of OpenBSD With Release 5.8 (openbsd.org) 158

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

KDE Turns 19 115

prisoninmate writes: Believe it or not, it has been 19 long years since Matthias Ettrich announced his new project, the Kool Desktop Environment (KDE). "Unix popularity grows thanks to the free variants, mostly Linux. But still a consistent, nice looking free desktop-environment is missing. There are several nice either free or low-priced applications available so that Linux/X11 would almost fit everybody needs if we could offer a real GUI," wrote the developer back in October 14, 1996.
Operating Systems

NetBSD 7.0 Released (netbsd.org) 58

An anonymous reader writes: After three years of development and over a year in release engineering, NetBSD 7.0 has been released. Its improvements include added support for many new ARM boards including the Raspberry Pi 2, major improvements to its multiprocessor-compatible firewall NPF, kernel scripting in Lua, kernel mode-setting for Intel and Radeon graphics chips, and a daemon called blacklistd(8) which integrates with numerous network daemons and shields them from flood attempts.

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms? 84

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if it were, the exploits would be few and far between instead everywhere everyday. Read below for the rest of tanstaaf1's question.

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 149

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the OpenIndiana.org release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

30 Years a Sysadmin 162

itwbennett writes: Sandra Henry-Stocker's love affair with Unix started in the early 1980s when she 'was quickly enamored of the command line and how much [she] could get done using pipes and commands like grep.' Back then, she was working on a Zilog minicomputer, a system, she recalls, that was 'about this size of a dorm refrigerator'. Over the intervening years, a lot has changed, not just about the technology, but about the job itself. 'We might be 'just' doing systems administration, but that role has moved heavily into managing security, controlling access to a wide range of resources, analyzing network traffic, scrutinizing log files, and fixing the chinks on our cyber armor,' writes Henry-Stocker. What hasn't changed? Systems administration remains a largely thankless role with little room for career advancement, albeit one that she is quick to note is 'seldom boring' and 'reasonably' well-paid. And while 30 years might not be a world's record, it's pretty far along the bell curve; have you been at it longer?
GNU is Not Unix

Interviews: RMS Answers Your Questions 246

The Free Software Foundation will be celebrating its 30th anniversary on Oct. 3rd. Recently, you had a chance to ask its founder Richard Stallman about GNU/Linux, free software, and other issues of public concern. Below you'll find his answers to your questions. Learn more about how you can join the FSF here, and help fight the good fight.

New Release of the Trinity Desktop Environment 197

mescobal writes: A new release of the Trinity Desktop Environment (TDE) is out. TDE is "a computer desktop environment for Unix-like operating systems with a primary goal of retaining the function and form of traditional desktop computers" which translates into a fully functional KDE 3 style Desktop. Something is missing in the new generation of desktop environments, since some people (perhaps more than "some") feel at home with Gnome 2 or KDE i3. They have repositories for Debian and Ubuntu-based distros. I'm now using it on Ubuntu 15.04, amazed about how well-planned things were in the previous generation of DE. We may have gained some things with Gnome 3 and Plasma 5, but we lost a lot of good features too. TDE brings them back.
Open Source

Debian Founder: How I Came To Find Linux 136

An anonymous reader writes: Ian Murdock has pretty solid open source cred: in 1993 he founded Debian, he was the CTO of Progeny and the Linux Foundation, and he helped pave the way for OpenSolaris. He has published a post about how he initially joined the Linux ecosystem. Quoting: "[In 1992], I spent most evenings in the basement of the MATH building basking in the green phosphorescent glow of the Z-29 terminals, exploring every nook and cranny of the UNIX system upstairs. ... I was also accessing UNIX from home via my Intel 80286-based PC and a 2400-baud modem, which saved me the trek across campus to the computer lab on particularly cold days. Being able to get to the Sequent from home was great, but I wanted to replicate the experience of the ENAD building's X terminals, so one day, in January 1993, I set out to find an X server that would run on my PC. As I searched for such a thing on Usenet, I stumbled across something called 'Linux.'" How did you come to find Linux?

OpenSSH 7.0 Released 75

An anonymous reader writes: Today the OpenSSH project maintainers announced the release of version 7.0. This release is focusing on deprecating weak and unsafe cryptographic methods, though some of the work won't be complete until 7.1. This release removes support for the following: the legacy SSH v1 protocol, the 1024-bit diffie-hellman-group1-sha1 key exchange, ssh-dss, ssh-dss-cert-* host and user keys, and legacy v00 cert format. There were also several bug fixes, security tweaks, and new features. In the next release, they plan to retire more legacy cryptography. This includes refusing RSA keys smaller than 1024 bits, disabling MD5-based HMAC algorithms, and disabling these ciphers: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
Operating Systems

HardenedBSD Completes Strong ASLR Implementation 66

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.

Woman Recruited By Google Four Times and Rejected Now Joins Age Discrimination Suit 634

dcblogs writes: An Ivy league graduate, with a Ph.D. in geophysics, Cheryl Fillekes, who also specializes in Linux and Unix systems, was contacted by Google recruiters four separate times over a seven year period. In each instance, she did well enough on the phone interviews to get invited to an in-person interview but was rejected every time for a job. She has since joined an age discrimination lawsuit against Google filed about two months ago by another older worker. "The amended lawsuit also alleges that the U.S. Equal Employment Opportunity Commission (EEOC) received 'multiple complaints of age discrimination by Google, and is currently conducting an extensive investigation.'"

100kb of Unusual Code Protecting Nuclear, ATC and United Nations Systems 145

An anonymous reader writes: For an ex-academic security company still in the seeding round, startup Abatis has a small but interesting roster of clients, including Lockheed Martin, the Swiss military, the United Nations and customers in the civil nuclear and air traffic control sectors. The company's product, a kernel driver compatible with Windows, Linux and Unix, occupies just 100kb with no dependencies, and reportedly achieves a 100% effectiveness rate against intruders by preventing unauthorized I/O activity. The CEO of Abatis claims, "We can stop zero day malware — the known unknowns and the unknown unknowns." The software requires no use of signature files, white-listing, heuristics or sandboxing, with a separate report from Lockheed Martin confirming very significant potential for energy savings — up to £125,000 per year in a data center with 10,000 servers.
Open Source

Why Was Linux the Kernel That Succeeded? 469

jones_supa writes: "One of the most puzzling questions about the history of free and open source software is this: Why did Linux succeed so spectacularly, whereas similar attempts to build a free or open source, Unix-like operating system kernel met with considerably less success?" Christopher Tozzi has rounded up some theories, focusing specifically on kernels, not complete operating systems. These theories take a detailed look at the decentralized development structure, pragmatic approach to things, and the rich developer community, all of which worked in favor of Linux.