Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.
More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million. From a report on The Guardian, shared by reader JoshTops: TalkTalk, one of Britain's biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers. The Post Office said 100,000 customers had experienced problems since the attack began on Sunday and KCom put its figure at about 10,000 customers since Saturday. Earlier this week, Germany's Deutsche Telekom said up to 900,000 of its customers had lost their internet connection as part of the same incident.
The U.S. economy added 178,000 jobs in November, while the unemployment rate fell to 4.6 percent from 4.9 percent the previous month, according to new government data released Friday morning. From a report on the Washington Post: Economists surveyed by Bloomberg News had expected U.S. employers to create 180,000 new jobs last month -- roughly in line with the average number added in the first 11 months of the year. The first release after a contentious election in which the candidates disputed the health and direction of the economy, the data showed a job market that is continuing to steadily strengthen from the recession. The unemployment rate fell to levels not seen since August 2007, before a bubble in the U.S. housing market began to burst. The fall was driven partly by the creation of new jobs, and partly by people retiring and otherwise leaving the labor force. The labor force participation rate ticked down to 62.7 percent. Average hourly earnings declined by 3 cents to $25.89. The decrease pared back large gains seen in October, but over the year average hourly earnings are still up 2.5 percent, the Bureau of Labor Statistics said.
An anonymous reader quotes a report from NPR: An unmanned cargo rocket bound for the International Space Station was destroyed after takeoff on Thursday. The Russian rocket took off as planned from Baikonur, Kazakhstan, on Thursday morning but stopped transmitting data about six minutes into its flight, as NPR's Rae Ellen Bichell reported: "'Russian officials say the spacecraft failed [...] when it was about 100 miles above a remote part of Siberia. The ship was carrying more than 2 1/2 tons of supplies -- including food, fuel and clothes. Most of that very likely burned up as the unmanned spacecraft fell back toward Earth. NASA says the six crew members on board the International Space station, including two Americans, are well stocked for now.'" This is the fourth botched launch of an unmanned Russian rocket in the past two years. Roscosmos officials wrote in an update today: "According to preliminary information, the contingency took place at an altitude of about 190 km over remote and unpopulated mountainous area of the Republic of Tyva. The most of cargo spacecraft fragments burned in the dense atmosphere. The State Commission is conducting analysis of the current contingency. The loss of the cargo ship will not affect the normal operations of the ISS and the life of the station crew."
plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."
According to French media, a court in the department of Ardeche on Tuesday sentenced a 32-year-old man in France to two years in prison for repeatedly visiting pro-ISIS websites -- even though there was no indication he planned to stage a terrorist attack. Police raided his house and found the man's browsing history. They also found pro-ISIS images and execution videos on his phone, personal computer, and a USB stick, an ISIS flag wallpaper on his computer, and a computer password that was "13novembrehaha," referencing the Paris terrorist attacks that left 130 people dead. Slashdot reader future guy shares with us an excerpt from The Verge's report: In court, the man argued that he visited the sites out of curiosity. "I wanted to tell the difference between real Islam and the false Islam, now I understand," he said, according to FranceBleu. But the man reportedly admitted to not reading other news sites or international press, and family members told the court that his behavior had recently changed. He became irritated when discussing religion, they said, and began sporting a long beard with harem pants. A representative from the Ardeche court confirmed to The Verge that there was no indication that the man had any plans to launch an attack. In addition to the two-year prison sentence, he will have to pay a 30,000 euros (roughly $32,000) fine.
Back in February, researchers at UC Berkeley released an app called MyShake that detects strong earthquakes seconds before the damaging seismic waves arrive. Several months have passed since its release and the app has already detected over 200 earthquakes in more than ten countries. TechCrunch reports: The app has received nearly 200,000 downloads, though only a fraction of those are active at any given time; it waits for the phone to sit idle so it can get good readings. Nevertheless, over the first six months the network of sensors has proven quite effective. "We found that MyShake could detect large earthquakes, but also small ones, which we never thought would be possible," one of the app's creators, Qingkai Kong, told New Scientist. A paper describing the early results was published in Geophysical Research Letters -- the abstract gives a general idea of the app's success: "On a typical day about 8000 phones provide acceleration waveform data to the MyShake archive. The on-phone app can detect and trigger on P waves and is capable of recording magnitude 2.5 and larger events. The largest number of waveforms from a single earthquake to date comes from the M5.2 Borrego Springs earthquake in Southern California, for which MyShake collected 103 useful three-component waveforms. The network continues to grow with new downloads from the Google Play store everyday and expands rapidly when public interest in earthquakes peaks such as during an earthquake sequence."
The central bank in South Korea, one of the world's most technologically advanced and integrated nations, is taking a major step in getting rid of coins in the nation in what is an attempt to become a cashless society. The first step is to get rid of the metal, a feat authorities hope to achieve by 2020. From a report on FT: The Bank of Korea on Thursday announced it will step up its efforts to reduce the circulation of coins, the highest denomination of which is worth less than $0.50. As part of the plan it wants consumers to deposit loose change on to Korea's ubiquitous "T Money" cards -- electronic travel passes that can be used to pay for metro fares, taxi rides and even purchases in 30,000 convenience stores. The proposals are just the latest step for a nation at the forefront of harnessing technology to make citizens' lives more convenient. Online shopping is the norm, as are mobile payments for the country's tech-savvy millennials. South Korea is already one of the least cash-dependent nations in the world. It has among the highest rates of credit card ownership -- about 1.9 per citizen -- and only about 20 percent of Korean payments are made using paper money, according to the BoK. But while convenience is at the crux of the central bank's plan, there are other considerations. The BoK spends more than $40m a year minting coins. There are also costs involved for financial institutions that collect, manage and circulate them.
State-sponsored hackers have conducted a series of destructive attacks on Saudi Arabia over the last two weeks, erasing data and wreaking havoc in the computer banks of the agency running the country's airports and hitting five additional targets, according to two people familiar with an investigation into the breach. From a report on Bloomberg: Saudi Arabia said after inquiries from Bloomberg News that "several" government agencies were targeted in attacks that came from outside the kingdom, according to state media. Although a probe by Saudi authorities is still in its early stages, the people said digital evidence suggests the attacks emanated from Iran. That could present President-elect Donald Trump with a major national security challenge as he steps into the Oval Office. The use of offensive cyber weapons by a nation is relatively rare and the scale of the latest attacks could trigger a tit-for-tat cyber war in a region where capabilities have mushroomed ever since an attack on Saudi Aramco in 2012.
bulled writes: In the middle of a press release discussing the move of employees from Seattle to California, Cyanogen Inc notes that it has parted ways with Steve Kondik. It is unclear what this means for the future of CyanogenMod. NDTV reports: "Kondik took to the official CyanogenMod developer Google+ community recently where he voiced what he thought were the reasons behind Cyanogen's plight and blamed Kirt McMaster, Cyanogen's Co-Founder. 'I've been pretty quiet about the stuff that's been going on but I'm at least ready to tell the short version and hopefully get some input on what to do next because CM is very much affected,' wrote Kondik in a private Google+ community first reported by Android Police. According to Kondik's version, Cyanogen's turmoil is way far from being over. He claimed that Cyanogen had seen success thanks to the efforts by the community and the company. Though, this also changed how the company worked. Explaining how it all started to come down, Kondik wrote, 'Unfortunately once we started to see success, my co-founder apparently became unhappy with running the business and not owning the vision. This is when the 'bullet to the head' and other misguided media nonsense started, and the bad business deals were signed. Being second in command, all I could do was try and stop it, do damage control, and hope every day that something new didn't happen. The worst of it happened internally and it became a generally shitty place to work because of all the conflict. I think the backlash from those initial missteps convinced him that what we had needed to be destroyed. By the time I was able to stop it, I was outgunned and outnumbered by a team on the same mission.' Kondik also seemingly confirmed a report from July which claimed Cyanogen may pivot to apps. He further wrote, 'Eventually I tried to salvage it with a pivot that would have brought us closer to something that would have worked, but the new guys had other plans. With plenty of cash in the bank, the new guys tore the place down and will go and do whatever they are going to do. It's probably for the best and I wish them luck, but what I was trying to do, is over.'"
Last month, instead of asking for data relating to specific individuals suspected of a crime, the Internal Revenue Service (IRS) demanded that America's largest Bitcoin service, Coinbase, provide the identities of all of the firm's U.S. customers who made transactions over a three-year period because there is a chance they are avoiding paying taxes on their bitcoin reserves. On Wednesday, a federal judge authorized a summons requiring Coinbase to provide the IRS with those records. Gizmodo reports: Covering the identities and transaction histories of millions of customers, the request is believed to be the largest single attempt to identify tax evaders using virtual currency to date. As a so-called "John Doe" summons, the document targets a particular group or class of taxpayers -- rather than individuals -- the agency has a "reasonable basis" to believe may have broken the law. According to The New York Times, the IRS argued that two cases of tax evasion involving Coinbase combined with Bitcoin's "relatively high level of anonymity" serve as that basis. "There is no allegation in this suit that Coinbase has engaged in any wrongdoing in connection with its virtual currency exchange business," said the Justice Department on Wednesday. "Rather, the IRS uses John Doe summonses to obtain information about possible violations of internal revenue laws by individuals whose identities are unknown." In a statement, Coinbase vowed to fight the summons, which the company's head counsel has previously characterized as a "very, very broad" fishing expedition.
Beginning next year, internet service providers in the UK will send email notifications to subscribers whose connections have allegedly been used to download copyright-infringing content. In an attempt to curtail piracy rates, these alerts will try to educate those who pirate about legal alternatives. TorrentFreak adds: Mimicking its American counterpart, the copyright alert program will monitor the illegal file-sharing habits of UK citizens with a strong focus on repeat infringers. The piracy alerts program is part of the larger Creative Content UK (CCUK) initiative which already introduced several anti-piracy PR campaigns, targeted at the general public as well as the classroom. The plan to send out email alerts was first announced several years ago when we discussed it in detail, but it took some time to get everything ready. This week, a spokesperson from CCUK's "Get it Right From a Genuine Site" campaign informed us that it will go live in the first few months of 2017. It's likely that ISPs and copyright holders needed to fine-tune their systems to get going, but the general purpose of the campaign remains the same.
Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.
Plex and Kodi, two popular home theater apps, can now be used together. Plex has announced its new Kodi add-on so you can include your Plex library in Kodi (provided you're a Pass user). From a report on Engadget: The new plugin includes most of the features you'd come to expect from Plex, which means it'll play back nearly any video or music format and cleverly categorize your media library. It simply lets you run the two media centers simultaneously without losing any of your customizations. It's currently only available to Plex Pass subscribers (it will be released publicly soon) and it doesn't yet work with Plex Companion remote control, but it does sport a brand new user interface (UI) that Plex says helps to "showcase some of our new thinking."
The National Science Foundation (NSF) announced Thursday morning that it will provide a "humanitarian medical evacuation flight" from the South Pole for an "ailing" Buzz Aldrin. BusinessInsider adds: Aldrin was the second man to walk on the moon, joining Neil Armstrong in the Apollo 11 Lunar Module in July 1969. He has since become an author and advocate for crewed missions to Mars. He is 86, and no further information is available as to his condition. The NSF's statement said that an NSF plane will fly Aldrin from the Amundsen-Scott research station at the South Pole to McMurdo Station on the Antarctic coast. At that point ski-equipped LC-130 cargo planes flown by the 109th Airlift Wing of the New York Air National Guard will haul him to New Zealand "as soon as possible."