Mis à jour : il y a 1 an 21 semaines
From the Vroom dept.:
A Chinese-backed electric car company with visions of revolutionizing transportation â but no product to show yet â announced plans Wednesday to build a $1 billion plant near Las Vegas, marking the second time in just over a year that Nevada has landed a coveted project from the budding industry.
California-based automaker Faraday Future's choice of Nevada over three other states is contingent on state lawmakers' approval of tax incentives that haven't been publicly described. The company's announcement, in a letter to Nevada legislators that was obtained by The Associated Press, also came with the revelation that it's backed by a Chinese billionaire investor who styles himself after Apple's late Steve Jobs.
From the aefasdvv88@--D dept.:
Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals.
At that meeting, White House officials told representatives from the American Civil Liberties Union, Access, the Center for Democracy and Technology, Human Rights Watch, and New America's Open Technology Institute that they were eyeing a holiday deadline for their formal response, according to Kevin Bankston, OTI's director, who helped organize the meeting.
From the Yike dept.:
An Android-based malware campaign from China has infected up to 85 million Android devices and is making the hackers behind it an approximately $1m every quarter.
Security software and services company Check Point claimed that it has had its eye on the Yingmob gang for five months, describing it as sophisticated, well-staffed and highly profitable.
From the JOracle dept.:
"Oracle's Java development efforts have slowed. And in the case of Java EE, they've come to a complete halt. The outright freeze has caused concerns among companies that contribute to the Java platform and among other members of the Java communityâa population that includes some of Oracle's biggest customers.
Oracle employees that worked on Java EE have told others in the community that they have been ordered to work on other things. There has also been open talk of some Java EE developers "forking" the Java platform, breaking off with their own implementation and abandoning compatibility with the 20-year-old software platform acquired by Oracle with the takeover of Sun Microsystems six years ago. Yet Oracle remains silent about its plans for Java EE"
From the Eeekk dept.:Security researcher Gal Beniamini has discovered issues in how Android devices handle its full disk encryption, making it easier for attackers to gain access to the user's sensitive data.
Beniamini also published a detailed step-by-step guide this week on how one can break down the encryption protections on Android smartphones powered by Qualcomm Snapdragon processors.
From the 60 Mins dept.:
The security flaw in Signaling System No. 7 (SS7), which is a broker between most of the world's phone networks, affects hundreds of millions of mobile-phone users around the world. A hacker only needs to know your phone number to initiate the attack.
From the Bequeath dept.:
"Express will function as itâs own separate entity; similar to how the Node.js Foundation supports Node.js through open governance with a technical steering committee, mentors and contributors that will in effect support the framework," wrote Mikeal Rogers, community manager of the Node.js Foundation, in an email.
From the Wearables dept.:
Google Glass is not dead. A brand new model of Google's face computer has popped up on the FCC website complete with rather high-res images of the device.
The pictures show a Google Glass unit with the FCCID "A4RÂ-GG1" that looks a lot like the existing Glass design. The biggest change seems to be that the device can now fold up, just like a regular pair of glasses, which will make it much easier to store when you aren't wearing it. The Glass prism looks longer than the first version of the device, which presumably offers a larger picture.
From the xoujee99-w dept.:
Microsoft said its âcloud in Germanyâ will launch in the second half of 2016, and will be operated under German law by T-Systems, a subsidiary of telco Deutsche Telekom. The two data centers will be based in Magdeburg and Frankfurt am Main, with Microsoft stressing this âdata trusteeâ model means it will not have any access to customer data without the consent of the trustee, and that it cannot therefore be compelled â âeven by a third partyâ â to hand over customer data.
From the Other White Meat dept.:
The NetBSD Project is pleased to announce NetBSD 7.0, the fifteenth major release of the NetBSD operating system.
This release brings stability improvements, hundreds of bug fixes, and many new features. Some highlights of the NetBSD 7.0 release are:
From the Self Awareness dept.:
A computer virus that tries to avoid detection by making the machine it infects unusable has been found.
From the Girl dept.:
After almost 24 months of constant development the Debian project is proud to present its new stable version 8 (code name Jessie), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.
From the 4.0 dept.:
Linus: "So I decided to release 4.0 as per the normal schedule, because there really weren't any known issues, and while I'll be traveling during the end of the upcoming week due to a college visit, I'm hoping that won't affect the merge window very much. We'll see.
Linux 4.0 was a pretty small release both in linux-next and in final size, although obviously "small" is all relative. It's still over 10k non-merge commits. But we've definitely had bigger releases (and judging by linux-next v4.1 is going to be one of the bigger ones)."
From the Oopsie dept.:
Google on Saturday let a digital certificate expire that was used to secure its smtp.google.com domain, the domain used by Gmail and Google Apps users to send outgoing email.
The certificate was issued by Google Internet Certificate Authority G2, which issues digital certificates for Google web sites and properties.
From the Grading dept.:
At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."
From the Inconceivable! dept.:
The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed.
The newly disclosed documents from the National Security Agencyâs internal systems show surveillance methods were presented at its secret annual conference, known as the "jamboree".
From the Bugs dept.:
Amazon Web Services and Rackspace are warning their customers of upcoming reboots theyâre taking to address a new Xen hypervisor security issue.
In a premium support bulletin issued Thursday night, Amazon said fewer than 10 percent of all EC2 instances will require work but the affected instances must be updated by March 10. Rackspace also notified customers of the issue, which will affect a subset of a portion of its First and Next Generation Cloud Servers, Thursday night. Later on Friday, Linode also warned users of an upcoming Xen-related reboot.
From the Not Buffering.... dept.:
It's a good day for proponents of an open internet: The Federal Communications Commission just approved its long-awaited network neutrality plan, which reclassifies broadband internet as a Title II public utility and gives the agency more regulatory power in the process. And unlike the FCC's last stab at net neutrality in 2010, today's new rules also apply to mobile broadband. FCC Chairman Tom Wheeler laid out the basic gist of the plan earlier this month -- it'll ban things like paid prioritization, a tactic some ISPs used to get additional fees from bandwidth-heavy companies like Netflix, as well as the slowdown of "lawful content." But now Wheeler's vision is more than just rhetoric; it's something the FCC can actively enforce.
From the Backdoor dept.:
The US National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades, according to an analysis by Kaspersky Labs.
From the You First dept.:
You may never have to reboot your Linux machine ever again, even for kernel patching," and excerpts from the long (and nicely human-readable) description of newly merged kernel code that does what Ksplice has for quite a while (namely, offer live updating for Linux systems, no downtime required), but without Oracle's control. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving).