Click through to read some of the highlights.
Click through to read some of the highlights.
Note that once users' PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
The update also includes "a lot of enhancements and bug-fixes," and if no critical issues are found, "Auto-updater will be triggered in few days."
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became directory.mozilla.org, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.
The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ?
Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code"
Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."
And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
In the post titled "Goodbye to GNU Libreboot," Stallman wrote that "When a package's maintainer steps down, that doesn't by itself break the relationship between GNU and the package. If it is left without a maintainer but is still useful, the GNU Project will usually look for new maintainers to work on it. However, we can instead drop ties with the package, if that seems the right thing to do.
"A few months ago, the maintainer of GNU Libreboot decided not to work on Libreboot for the GNU Project any more. That was her decision to make. She also asserted that Libreboot was no longer a GNU package -- something she could not unilaterally do. The GNU Project had to decide what to do in regard to Libreboot. We have decided to go along with the former GNU maintainer's wishes in this case, for a combination of reasons: (1) it had not been a GNU package for very long, (2) she was the developer who had originally made it a GNU package, and (3) there were no major developers who wanted to continue developing Libreboot under GNU auspices."
The real-world consequences have been demonstrated in the past few years with the Heartbleed vulnerability in OpenSSL, Shellshock in GNU Bash, and a deserialization vulnerability exploited in a recent high-profile attack against the San Francisco Municipal Transportation Agency. These are three instances where developers reuse libraries and frameworks that contain unpatched flaws in production applications... According to security experts, the problem is two-fold. On one hand, developers use reliable code that at a later date is found to have a vulnerability. Second, insecure code is used by a developer who doesn't exercise due diligence on the software libraries used in their project.
That seems like a one-sided take, so I'm curious what Slashdot readers think. Does code reuse endanger secure software development?
"debootstrap now defaults to merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr (more details on: https://lists.debian.org/debian-devel/2016/09/msg00269.html)," wrote Cyril Brulebois in the mailing list announcement, where it states that default debootstrap mirror was switched to deb.debian.org.
[T]he firmware will be licensed under GPL 3 rather than CC-BY-SA 4.0. This change is in line with the Creative Commons's own recommendations regarding software licensing. We also realized that some of our firmware uses libraries provided under NDA. We will clearly identify which components are protected under NDA and how to go about securing such an NDA.
They've already released a .zip file of their schematics, and in addition announced that "we're committing to opening the PCB layout sources once we've sold a total of 3,000 ORWL unit." Their announcement includes a link for feedback from the community.
Version .2 of Spacemacs was released this week "with more than 1700 commits since the last major version released in January 2016." With nearly 500 contributors on GItHub, Spacemacs plans to be "crowd-configured" with "curated packages tuned by power users," and is offering features like a real-time display of available key bindings, a simple query system for layers and packages, and of course, a clearly defined set of conventions.