Domain: github.com
Stories and comments across the archive that link to github.com.
Stories · 729
-
The Intercept Releases First Batch Of New Docs Leaked By Snowden (theintercept.com)
executioner quotes a report from The Intercept: The Intercept's first SIDtoday release comprises 166 articles, including all articles published between March 31, 2003, when SIDtoday began, and June 30, 2003, plus installments of all article series begun during this period through the end of the year. Major topics include the National Security Agency's role in interrogations, the Iraq War, the war on terror, new leadership in the Signals Intelligence Directorate, and new, popular uses of the internet and of mobile computing devices. You can download this batch directly here, or download the documents via Github. -
Slashdot Asks: What's Your Favorite Doom Story?
I remember loading Doom for the first time from a 3.5-inch disk back in 1994. In 1997 the source code for Doom's Linux version was released just before Christmas. A hidden Doom level appeared in Microsoft Excel, and a Doom video was also used to promote Windows 95. By 2004 a drummer from Nine Inch Nails was recording the theme song for Doom 3...
There was that weird movie with The Rock and Karl Urban. Last year Doom was inducted into the World Video Game Hall of Fame. This January John Romero created a new level, and this weekend's release of a new Doom also featured a mod with one of the original Doom II levels from 1994.
After a storied history, millions of frags, and thousands of hours of in-world gameplay, Doom holds a unique place in both the history of gaming and geeks. So share your favorite stories in the comments. What's your personal best-loved story about Doom? -
Active Drive-By Exploits Critical Android Bugs, Care Of Hacking Team (arstechnica.com)
Dan Goodin, reporting for Ars Technica: An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting critical vulnerabilities in older versions of Google's mobile operating system still in use by millions of people, according to research scheduled to be published Monday. The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered "root" access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities. Blue Coat, a California-based provider of security and networking solutions writes: This is the first time, to my knowledge; an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim. During the attack, the device did not display the normal "application permissions" dialog box that typically precedes installation of an Android application. After consulting with analyst Joshua Drake of Zimperium, he was able to confirm that the Javascript used to initiate the attack contains an exploit against libxslt that was leaked during the Hacking Team breach. Drake also confirmed that the payload of that exploit, a Linux ELF executable named module.so, contains the code for the "futex" or "Towelroot" exploit that was first disclosed at the end of 2014. -
Scientist Shrinks Arduino To Size Of An AA Battery (techcrunch.com)
An anonymous reader writes: Johan Kanflo has managed to make the already small Tiny328 Arduino clone into an even smaller computing platform about the size of a single AA battery. Not only will it fit in a typical AA battery holder, but it will actually draw power from the batteries beside it as it's wired in "backwards" (with the + and - poles reversed). The Arduino platform consists of open-source hardware, open-source software, and microcontroller-based kits, making it easy to (re)program the processors, and develop software for hardware applications using a java-clone and an easy-to-learn IDE. For those interested in the AAduino, Johan has made his creation available online on Github with instructions and schematics to build your own. -
Outdated and Vulnerable WordPress, Drupal Versions Contributed To Panama Papers Breach (wptavern.com)
An anonymous reader quotes a report from WordPress Tavern: Authorities have not yet identified the hacker behind the Panama Papers breach, nor have they isolated the exact attack vector. It is clear that Mossack Fonseca, the Panamanian law firm that protected the assets of the rich and powerful by setting up shell companies, had employed a dangerously loose policy towards web security and communications. The firm ran its unencrypted emails through an outdated (2009) version of Microsoft's Outlook Web Access. Outdated open source software running the frontend of the firm's websites is also now suspected to have provided a vector for the compromise. Forbes has identified outdated WordPress and Drupal installations as security holes that may have led to the data leak. [WordPress Tavern Editor Sarah Gooding] found that the firm's WordPress-powered site is currently running on version 4.1 (released in December 2014), based on its version of autosave.js, which is identical to the autosave.js file shipped in 4.1. The main site is also loading a number of outdated scripts and plugins. Its active theme is a three-year-old version of Twenty Eleven (1.5), which oddly resides in a directory labeled for /twentyten/. The Mossack Fonseca client portal changelog.txt file is public, showing that its Drupal installation hasn't been updated for three years. Since the release of version 7.23, the software has received 25 security updates, which means that the version it is running includes highly critical known vulnerabilities that could have given the hacker access to the server. -
Chrome Extension Caught Hijacking Users' Browsers (softpedia.com)
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the user's traffic through a proxy, showing ads and collecting analytics on the user's traffic habits. This same malicious code has also been found in other Google Chrome extensions such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker. At the moment, only Better History and User-Agent Switcher have been removed from the Web Store. -
PHP, Python and Google Go Fail To Detect Revoked TLS Certificates (softpedia.com)
An anonymous reader writes: Four years after the release of a groundbreaking study on the state of SSL/TLS certificates in non-browser applications (APIs [to be exact]), some programming languages fail to provide developers with the appropriate tools to validate certificates. Using three simple test scripts connected to a list of known vulnerable HTTPS servers, researchers logged their results to see which programming languages detected any problems. According to the results, all tested programming languages (PHP, Python, Go), in various configurations, failed to detect HTTPS connections that used revoked SSL/TLS certificates. This is a problem for HTTPS-protected APIs since users aren't visually warned, like in browsers, that they're on an insecure connection. "PHP, Python, and Google Go perform no revocation checks by default, neither does the cURL library. If the certificate was compromised and revoked by the owner, you will never know about it," noted Sucuri's Peter Kankowski. -
CloudFlare Wants Tor To Change Or Risk CAPTCHA Blockades (thestack.com)
An anonymous reader writes: CloudFlare's co-founder Matthew Prince has publicly appealed to work with the Tor Project on implementing a solution that will stop the high incidence of Tor users being challenged by CAPTCHAs whilst browsing. Prince proposes the implementation of a Tor plugin that would communicate with CloudFlare servers to provide temporary, anonymous identification to bypass the CAPTCHAs, and has presented the code on GitHub. Other possibilities mooted include the adoption of higher-level encryption, which would be likely to adversely influence a network which already has native (and inevitable) latency issues. CloudFlare's public post on the matter comes after five turbulent weeks of comments-section debate between CloudFlare and Tor, and seems to be an appeal for public arbitration on the matter. Prince further noted that 94% of the traffic CloudFlare sees is "per se malicious." From his blog post: That doesn't mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network. -
Microsoft Launches HoloLens Emulator, No Headset Required (venturebeat.com)
An anonymous reader writes: As promised, Microsoft started shipping its $3,000 HoloLens development kits today. In addition to sharing that bots are coming to the new platform, the company also released a HoloLens emulator, which lets developers test holographic apps on their PC without the need for a physical HoloLens. You can download the emulator now directly from here. Thinking about building a holographic app? HoloToolkit on GitHub is a collection of scripts and components that may help accelerate your development. -
Microsoft Launches Bot Framework To Let Developers Build Their Own Chatbots (venturebeat.com)
An anonymous reader shares a report on VentureBeat: Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. Using this, anyone can create a text program that they can chat with. A BotBuilder software-development kit (SDK) is available on GitHub under an open-source MIT license. These bots can be implemented into a variety of applications, including Slack or Telegram or even email. "Bots are like new applications," Microsoft chief executive Satya Nadella said. "And digital assistants are meta apps, or like the new browsers. And intelligence is infused into all of your interactions. That's the rich platform that we have." Microsoft will want to tread carefully. -
Git 2.8 Officially Released (softpedia.com)
prisoninmate quotes a report from Softpedia: Git 2.8 has been released on March 28, and we have to admit that it comes as a huge surprise to us all. Prominent features of Git 2.8 include parallel fetches of submodules, which allows for the inclusion of other Git repositories in a single Git repo when using the "git submodules" command, support for turning off Git's smudge and clean filters, and support for cloning repos through the rsync protocol. The Git for Windows build received a lot of attention in Git 2.8 and it looks like it's now as comfortable to use as it is on the GNU/Linux and Mac OS X platforms. Also, it is now possible to tell Git not to guess your identity, which, instead, forces you to add a user.name and user.email before doing any commits. Check out the full release notes for the complete list. -
Amazon's Raspberry Pi Guide Lets Coders Build An Echo (bbc.com)
An anonymous reader quotes a report from BBC: Amazon has published an online guide explaining how to access its virtual assistant Alexa via a Raspberry Pi. The walkthrough includes access to the necessary app data and certificates in order to link the budget computer up to the tech giant's servers. Amazon says that users require at least the second-generation model, released in February 2015, as well as: a plug-in USB microphone, microSD card, ethernet cable, Wi-Fi wireless adapter, mouse, keyboard, and screen. The coding involved is limited to typing in sets of commands, but the guide explains the purpose of each one. Users also need to register for an Amazon Developer Account, which they can get for free. -
Rust-Based Redox OS Devs Slam Linux, Unix, GPL
Freshly Exhumed writes: Redox OS, a project on GitHub aimed at creating an alternative OS able to run almost all Linux executables with only minimal modifications, is to feature a pure Rust ecosystem, which they hope will improve correctness and security over other OSes. In their own words, 'Redox isn't afraid of dropping the bad parts of POSIX, while preserving modest Linux API compatibility.' They also level harsh criticisms at other OSes, saying "...we will not replicate the mistakes made by others. This is probably the most important tenet of Redox. In the past, bad design choices were made by Linux, Unix, BSD, HURD, and so on. We all make mistakes, that's no secret, but there is no reason to repeat others' mistakes." Not stopping there, Redox documentation contains blunt critiques of Plan 9, the GPL, and other mainstays. -
Mozilla's New Servo Browser Will Hit Alpha In June 2016 (softpedia.com)
An anonymous reader writes: Mozilla has announced it is releasing the first alpha versions of its Servo browser this upcoming June. The project uses browser.html for the browser's UI and Rust for the browser's core. There's a similarity between how Microsoft launched Spartan (Edge) and how Mozilla is launching Servo now. While many might think Mozilla is sneakily working on a Firefox replacement, Mozilla has also invested quite a lot in Firefox these days, like WebExtensions and e10s, and it may be more plausible that Servo might slowly be integrated in Firefox to replace Gecko, rather than replace Firefox altogether, like Microsoft did with Edge to IE. -
Hotel Experience With Android Lightswitches (dreamwidth.org)
jones_supa writes: The hotel in which Matthew Garrett was staying had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour of the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well. -
'Serious Sam 1' Engine Released As Open Source
jones_supa writes: id Software is well known for publicly releasing the source code of its old first-person-shooter games. Now Croteam is joining the club by releasing the source code of the engine of the very first Serious Sam game. It's the very same engine that the company used for Serious Sam Classic: The First Encounter and The Second Encounter. Croteam's Vyacheslav Nikitenko, who worked on the source code and prepared Serious Engine v.1.10 for this release, had this to say: "Historically, this version of Serious Engine is very important for Croteam and for me personally. I created several mods for Serious Sam back in the day, before even starting the work on the source code, and it was a great tool for learning. And it's even better today! Obviously, Serious Engine v1.10 won't produce top-notch graphics, but the source code is very well commented, easy to modify, and there are lots of user generated mods out there. This version has everything you need to build your own game – or just experiment. If you're looking to get started, just download the files from GitHub and head over to SeriousZone, it has a great community and lots of tutorials." Happy hacking! (And here's a video with some game play that shows what this engine can do.) -
New Tool Offers Look At Performance of UWP Games On Windows
Vigile writes: One of the concerns surrounding the recent debate of the Unified Windows Platform and games being released on it, such as the recent Gears of War Ultimate Edition, was the inability for media and consumers, and even entry level developers, to properly profile the performance of those applications. All of the standard testing applications like Fraps, FCAT and other overlays are locked out of UWP games. An Intel graphics engineer released a tool called PresentMon on GitHub yesterday that accesses event timers in Windows to monitor Present commands in any API, including DX11, DX12, Vulkan as well as games built on the Windows Store platform. Using this data, PC Perspective was able to profile the performance of the new Gears of War on PC, comparing frame time variability between the two flagship parts from NVIDIA and AMD. While it's not a perfect utility yet, there is hope now that this open source code will allow for performance metrics on any and all gaming titles. -
Microsoft Releases First Public Preview of RTVS Under MIT and GPLv2 Licenses (microsoft.com)
shutdown -p now writes: Microsoft has released the first public preview of RTVS (R Tools for Visual Studio), an extension for Visual Studio that adds support for the R (GNU S) programming language. The product is open source, and while most of the code is under the MIT license, some components are GPLv2, in accordance with the R license. That's not the first time this week (or this year) that Microsoft's open source efforts have been front-page news; with its new role in the Eclipse Foundation, too, the company's angling toward being one of the largest open source companies around, even if that's a small part of its business model. Update: 03/09 19:03 GMT by T : Speaking of which: reader Salgak1 writes with his first submission, linking the Register's report that Microsoft has released a Debian-based Linux distro, called SONIC. "It is optimized for network switching, and apparently is a localized version of the "Azure Cloud Switch" released into the Azure cloud hosting system. Question is, is it just another Microsoft "Embrace, Extend. Extinguish" strategy in action?" -
Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com)
An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of: The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain. The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network. The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation. DCEPT has been open sourced and is available on GitHub, along with instructions for deployment. -
Using Kexec Allows Starting Linux In PlayStation 4
jones_supa writes: Team fail0verflow, the hacker group who made Sony PlayStation 4, has introduced another method to start Linux in the game console. Instead of the previous exploit which was based on a security hole in an old PS4 firmware version, the new trick allows a kexec call to start Linux through Orbis OS (the FreeBSD-based system software of PS4). The code can be found in GitHub. Maybe this will lead to more and better PlayStation clusters. -
How Common Is Your PIN? (datagenetics.com)
phantomfive writes: We've seen password frequency lists, here is an analysis of PIN frequency with a nice heatmap towards the bottom. There is a line for numbers starting with 19*, which is the year of birth, a cluster around MM/DD for people's birthdays, and a hard diagonal line for the same digit repeated four times. -
BorgBackup 1.0.0 Released (github.com)
An anonymous reader writes: After almost a year of development, bug fixing and cleanup, BorgBackup 1.0.0 has been released. BorgBackup is a fork of the Attic-Backup project — a deduplicating, compressing, encrypting and authenticating backup program for Linux, FreeBSD, Mac OS X and other unixoid operating systems (Windows may also work using CygWin, but that is rather experimental/unsupported). It works on 32bit as well as on 64bit platforms, x86/x64 and ARM CPUs (maybe as well on others, but these are the tested ones). For Linux, FreeBSD and Mac OS X, there are single-file binaries which can be just copied onto a system and contain everything needed (Python, libraries, BorgBackup itself). Of course, it can be also installed from source. BorgBackup is FOSS (BSD License) and implemented in Python 3 (91%), speed critical parts are in C or Cython (9%). -
Microcasting Color TV By Abusing a Wi-Fi Chip (hackaday.com)
szczys writes: The NTSC standard has effectively been replaced by newer digital standards, but most televisions still work with these signals. This can be done through a composite video connection, but more fun is to broadcast video directly to your television's analog tuner. This is what cnlohr has been working on, using a lowly ESP8266 module to generate and transmit the color TV signal. This board is a $3 Wi-Fi module. But the chip itself has a number of other powerful peripheral features, including I2S and DMA. This hardware makes it possible to push the TV broadcast out using hardware, taking up only about 10% of processor time. Even more impressive, cnlohr didn't want to recompile and flash (which is a relatively slow process) during prototyping so he used a web worker to implement browser-based development through the chip's Wi-Fi connection. Speaking of chip-abuse in the interest of hyperlocal signal propagation, reader fulldecent writes to point out a project on GitHub that "allows transmission of radio signals from a computer that is otherwise air gapped. Right now this could be useful for playing a quick tune or for pranks. But there are more nefarious uses as this could also be used to exfiltrate information from secure networks." -
More Medical Devices Should Be Open Source, Like This ECG (github.com)
isza writes: This is a follow-up to the Slashdot story about mobilECG, a 12-lead, clinical-grade ECG being open sourced. We have not given up on our goal to get rid of the high-profit-margin and dishonest distribution practices of diagnostic ECGs, and make a certified open source version of this important diagnostic device. After many months of hard work, there is now a working prototype of a much more capable device than the first version, with its sources available on GitHub. MobilECG now has a Holter function, changeable lead-configurations and Bluetooth. Here's a video of the prototype working. -
New GitHub Upgrades Respond To Recent Complaints (thenewstack.io)
destinyland writes: Last week GitHub announced the ability to create templates for Issues and Pull Requests, in an apparent response to an open letter signed by 600+ project maintainers. "This is the first of many improvements to Issues and Pull Requests that we're working on based on feedback from the community," wrote Ben Bleikamp, Product Manager at GitHub. The original letter, hosted in a "Dear-Github" repository, noted that "If GitHub were open source itself, we would be implementing these things ourselves as a community..." But this week GitHub continued releasing new improvements, offering a new feature to upload files directly into repositories without leaving their browser. -
Multimedia Powerhouse FFmpeg Hits 3.0
An anonymous reader writes: The milestone release FFmpeg 3.0 "Einstein" has been unleashed. For those who need a reminder, FFmpeg comprises several libraries and command-line tools (the main command-line tool being "ffmpeg") that encode, decode, transcode, and stream audio/visual data, etc. FFmpeg supports a multitude of codecs, filters, and container formats too numerous to mention here. FFmpeg is used by MPlayer, VLC, HandBrake, Chrome, and many other projects. Changes from 2.x to 3.0 include: a much better native AAC encoder, better hardware acceleration, and some API/ABI breakage. See this, this, this, this, and the changelog for much better descriptions of the improvements. -
PVS-Studio Analyzer Spots 40 Bugs In the FreeBSD Kernel
Andrey_Karpov writes: Svyatoslav Razmyslov from PVS-Studio Team published an article on the check of the FreeBSD kernel. PVS-Studio developers are known for analyzing various projects to show the abilities of their product, and do some advertisement, of course. Perhaps, this is one of the most acceptable and useful ways of promoting a proprietary application. They have already checked more than 200 projects and detected 9355 bugs. At least that's the number of bugs in the error base of their company.
So now it was FreeBSD kernel's turn. The source code was taken from GitHub 'master' branch. Svyatoslav states that PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code. He described 40 of them in the article. The list of warnings was given to the FreeBSD developer team and they have already started editing the code.
A couple of words for programmers who are still not familiar with PVS-Studio. PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. It performs static code analysis and generates a report that helps a programmer find and fix the errors in the code. You can see a more detailed description of the tool on the company website and download a trial version. -
GitHub Open Sources Their Internal Testing Tool (thenewstack.io)
destinyland writes: Last week GitHub released a new open source tool called Scientist, a Ruby-based library they've been using in-house for several years. "It's the most terrifying moment when you flip the switch," GitHub engineer Jesse Toth told one technology reporter, who notes that the tool is targeted at developers transitioning from a legacy system. "Scientist was born when GitHub engineers needed to rewrite the permissions code — one of the most critical systems in the GitHub application." The tool measures execution duration and other metrics for both test and production code during runtime, and Toth reports that they're now also developing new versions in Node.js, C#, and .Net. -
New Hack Shrinks Docker Containers (www.iron.io)
destinyland writes: Promising "uber tiny Docker images for all the things," Iron.io has released a new library of base images for every major language optimized to be as small as possible by using only the required OS libraries and language dependencies. "By streamlining the cruft that is attached to the node images and installing only the essentials, they reduced the image from 644 MB to 29MB," explains one technology reporter, noting this makes it quicker to download and distribute the image, and also more secure. "Less code/less programs in the container means less attack surface..." writes Travis Reeder, the co-founder of Iron.io, in a post on the company's blog. "Most people who start using Docker will use Docker's official repositories for their language of choice, but unfortunately if you use them, you'll end up with images the size of the Empire State Building..." -
Jailbreak Turns Cheap Walkie-Talkie Into DMR Police Scanner
An anonymous reader writes: Last Shmoocon, famous reverse engineer Travis Goodspeed presented his jailbreak of the Chinese MD380 digital handheld radio. The hack has since been published at GitHub with all needed source code to turn a cheap digital radio into the first hardware scanner for DMR digital mobile radio: a firmware patch for promiscuous mode that puts all talk groups through the speaker including private calling. In the U.S. the competing APCO-25 is a suite of standards for digital radio communications for federal users, but a lot of state/county and local public safety organizations including city police dispatch channels are using the Mototrbo Motorola DMR digital standard. -
GitHub Service Outage (github.com)
New submitter thebigjeff writes: Beginning at around 7:30pm EST on 1/27/2016, GitHub's core services have been offline. Most repositories and other functionality are inaccessible. The status page is calling it a "significant network disruption." More from The Register: GitHub falls offline, devs worldwide declare today a snow day. -
Microsoft Releases Its Deep Learning Toolkit On GitHub (microsoft.com)
An anonymous reader writes: Microsoft is moving its machine learning Computational Network Toolkit (CNTK) from its own hosting site, CodePlex, to GitHub. They're also putting it under the MIT open source license. The move marks an effort to make it easier for developers to collaborate on building their own deep learning applications using the CNTK. Under the CodePlex license, access was restricted to academics only, and it was wholly targeted to that audience. Now that it's opening the project to everyone, Microsoft hopes to attract a greater number of developers, and a wider variety as well. This follows similar releases from Google and Baidu. -
Finally Calculated: All the Legal Positions In a 19x19 Game of Go (github.io)
Reader John Tromp points to an explanation posted at GitHub of a computational challenge Tromp coordinated that makes a nice companion to the recent discovery of a 22 million-digit Mersenne prime. A distributed effort using pooled computers from two centers at Princeton, and more contributed from the HP Helion cloud, after "many hiccups and a few catastrophes" calculated the number of legal positions in a 19x19 game of Go. Simple as Go board layout is, the permutations allowed by the rules are anything but simple to calculate: "For running an L19 job, a beefy server with 15TB of fast scratch diskspace, 8 to 16 cores, and 192GB of RAM, is recommended. Expect a few months of running time." More: Large numbers have a way of popping up in the game of Go. Few people believe that a tiny 2x2 Go board allows for more than a few hundred games. Yet 2x2 games number not in the hundreds, nor in the thousands, nor even in the millions. They number in the hundreds of billions! 386356909593 to be precise. Things only get crazier as you go up in boardsize. A lower bound of 10^{10^48} on the number of 19x19 games, as proved in our paper, was recently improved to a googolplex. (For anyone who wants to double check his work, Tromp has posted as open source the software used.) -
Rust 1.6 Released (rust-lang.org)
An anonymous reader writes: The Rust team has announced the release of version 1.6 of their programming language. The biggest new feature is that libcore — the Rust core library — is now stable. "Rust's standard library is two-tiered: there's a small core library, libcore, and the full standard library, libstd, that builds on top of it. libcore is completely platform agnostic, and requires only a handful of external symbols to be defined. Rust's libstd builds on top of libcore, adding support for memory allocation, I/O, and concurrency. Applications using Rust in the embedded space, as well as those writing operating systems, often eschew libstd, using only libcore." Other features worth noting: Crates.io disallows wildcards for dependencies, there are a ton of stabilized APIs, timer functions that use milliseconds have been deprecated, and the parser will warn you if a failure was caused by Unicode characters that look similar but are interpreted differently. -
Microsoft Asks Node.js To Allow ChakraCore (Edge) Alongside Google's V8 Engine (softpedia.com)
campuscodi writes: Microsoft has submitted an official pull request to the Node.js project, through which it's asking the project's maintainers to enable support for ChakraCore, the JavaScript engine packed inside Microsoft's Edge browser, as an alternative to Node's built-in V8 engine, developed by Google. Earlier in December 2015, Microsoft open-sourced ChakraCore. Microsoft has also been one of the biggest companies to adopt Node.js early on, and is also part of the Node.js Foundation's Board of Directors. The main reason to add ChakraCore support in Node.js is to help the IoT version of Windows 10 run JS apps on IoT devices, just like Samsung is also thinking about. -
Developers Frustrated with GitHub Prod For Changes In Bug Reports, Transparency
DeveloperTech reports that a group of GitHub developers have posted an open letter, with nearly 1300 signatures, expressing dissatisfaction with GitHub's processes and policies, and in particular the site's level of transparency. A slice of the letter: "Those of us who run some of the most popular projects on GitHub feel completely ignored by you. We’ve gone through the only support channel that you have given us either to receive an empty response or even no response at all," he wrote. "We have no visibility into what has happened with our requests, or whether GitHub is working on them. Since our own work is usually done in the open and everyone has input into the process, it seems strange for us to be in the dark about one of our most important project dependencies." -
Open-Source GPU Used For Research (binghamton.edu)
Theovon writes: For quite some time now, "open hardware" enthusiasts have had access to a number of open source CPUs, including OpenRISC. However, it wasn't until recently that there has been any kind of open source GPU. In 2014, the Vertical Research Group at the University of Wisconsin-Madison announced MIAOW. MIAOW is in many ways a clone of the AMD Southern Islands architecture and can even run some of the same binary code. Unfortunately, MIAOW is missing some key components such as video and memory systems, making it not currently possible to implement fully in hardware. For this, Nyuzi comes to the rescue. Nyuzi (formerly Nyami) has been in development since 2010 and is a fully functional open source GPU inspired by Larrabee. Although architecturally different from the SIMT architectures from AMD and Nvidia, researchers at Binghamton University and several other places have already used it to conduct research on GPUs. A paper (PDF) was published in March 2015 about this processor (one of the authors was the original founder of the Open Graphics Project), and Nyuzi (homepage) can be downloaded from GitHub. -
LastPass Vulnerable To Extremely Simple Phishing Attack (softpedia.com)
An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim's master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API. -
Baidu Releases Open Source Artificial Intelligence Code (thestack.com)
An anonymous reader writes: Chinese web services company Baidu has released a new artificial intelligence software called WARP-CTC. The code is apparently capable of speech recognition, particularly for short segments, that exceeds human capability. The source code uses an approach called 'connectionist temporal classification' and has been released on GitHub. -
Microsoft Open Sources Edge JavaScript Code, Plans Linux Port (windows.com)
colinneagle writes: One month after promising to release the JavaScript engine of its Edge browser, Microsoft has proven good for its word and then some. Not only is it releasing the code, it's planning a Linux port. The company uploaded the code to GitHub and announced its plans via a blog post by Gaurav Seth, principal PM manager for Chakra, which is what they're calling the JavaScript engine. "Today, we are excited to share with you that we've just made the sources for ChakraCore available under the MIT License at the ChakraCore GitHub repository," he wrote. "Going forward, we'll be developing the key components of Chakra in the open." With the release, you can build ChakraCore on Windows 7 SP1 or above with Visual Studio 2013 or 2015 with C++ support installed, Seth said. Of course, Edge is more than just the Chakra engine, but this could result in a back port to Windows 7. He also said Microsoft is committed to bringing it to other platforms, starting with Linux, and invited developers to "help us in the pursuit either by letting us know which other platforms they'd like to see ChakraCore supported on, or even by helping port it to the platform of their choice." -
Microsoft Open-Sources Its JavaScript Engine Chakra (windows.com)
An anonymous reader writes: As promised, Microsoft has open-sourced the core components of Chakra, the company's JavaScript engine used in Microsoft Edge and Internet Explorer. The project, dubbed ChakraCore, has been released under the MIT License on GitHub. The official blog post reads in part: "The ChakraCore repository provides a fully supported and open-source standalone JavaScript engine, with the same characteristics as the Microsoft Edge’s Chakra engine, to embed in projects, innovate on top of and contribute back to. We will be accepting community contributions and input to ChakraCore. Once the changes from any pull request have been vetted, our goal is to ensure that all changes find their way to be shipped as a part of the JavaScript engine powering Microsoft Edge and the Universal Windows Platform on Windows 10." -
Smartwatches Can Be Used To Spy On Your Card's PIN Code (softpedia.com)
An anonymous reader writes: A researcher has developed a smartwatch app that can interpret hand motions and translate the movements to specific keystrokes on 12-key keypads, like the ones used at ATMs. The app sends the data to a nearby smartphone, which then relays it to a server, for analysis. The whole AI algorithm on which it's built has a 73% accuracy for touchlogging events, and 59% for keylogging. The entire code is on GitHub, along with his research paper, and a YouTube video. -
Open-Source Firmware For Your Toy Drone
An anonymous reader writes: Since now you're going to either register your drone or have to be flying your [small drone] indoors anyway in the USA, you might as well celebrate the one freedom you still have: the freedom to re-flash the firmware with open source! The Eachine H8 is a typical-looking mini-quadcopter of the kind that sell for under $20. Inside, the whole show is powered by an ARM Cortex-M3 processor, with the programming pins easily visible. Who could resist? Garagedrone takes you through a step-by-step guide to re-flashing the device with a custom firmware to enable acrobatic mode, or simply to tweak the throttle-to-gyro mapping for the quad. The firmware author silverxxx from RCGroups.com even got the code up on GitHub if you're interested in taking a peek. Next step, Skynet! -
The Swift Programming Language's Most Commonly Rejected Changes (github.com)
An anonymous reader writes: When Apple made its Swift programming language open source in early December, it opened the floodgates for suggestions and requests from developers. But the project's maintainers have their own ideas about how the language should evolve, so some suggestions are rejected. Now a list has been compiled of some commonly rejected proposals — it's an interesting window into the development of a language. Swift's developers don't want to replace Brace Syntax with Python-style indentation. They don't want to change boolean operators from && and || to 'and' and 'or'. They don't want to rewrite the Swift compiler in Swift. They don't want to change certain keywords like 'continue' from their C precedents. And they have no interest in removing semicolons. -
Chrome Extension Offers Trump-Free Browsing (usnews.com)
Earthquake Retrofit writes: A new Google Chrome extension lets you remove mentions of Donald Trump from your browsing experience. Trump Filter scans websites for references to the Republican presidential candidate, showing a blank void in the place of Trump-related content. "I am doing this out of a profound sense of annoyance and patriotic duty," the extension's creator, Rob Spectre, writes on the Trump Filter website. "[I was not] put up to this by the Republican or Democratic Parties, the Obama Administration, my mother or any other possible sphere of influence." Trump Filter's code is open source and can be found on GitHub.