Slashdot

News for nerds, stuff that matters

Tech Companies Try Apprenticeships To Fill The Tech Skills Gap

Sat, 11/18/2017 - 16:34
Slashdot reader jonyen writes: For generations, apprenticeships have been the way of working life; master craftsmen taking apprentices under their wing, teaching them the tools of the trade. This declined during the Industrial Revolution as the advent of the assembly line enabled mass employment for unskilled laborers. The master-apprentice model went further out of focus as higher education and formal training became increasingly more valuable. Fast forward to the 21st century, where employers are turning back the page to apprenticeships in an effort to fill a growing skills gap in the labor force in the digital age. Code.org estimates there will be a million unfulfilled tech jobs by 2020. jonyen shared this article by IBM's Vice President of Talent: IBM is committed to addressing this shortage and recently launched an apprenticeship program registered with the US Department of Labor, with a plan to have 100 apprentices in 2018. ... Other firms have taken up the apprenticeship challenge as well. Salesforce CEO Marc Benioff, for example, has called for creating 5 million American apprentices in the next five years. An apprenticeship offers the chance for Americans to get the formal education they need, whether through a traditional university, a community college or a trade school, while getting something else: On-the-job experience and an income... Right now, there are more than 6 million jobs in the U.S. that are going unfilled because employers can't find candidates with the right skills, according to the Labor Department. IBM says their apprentices "are on their way to becoming software developers in our Cloud business and mainframe administrators for technologies like Blockchain, and we will add new apprenticeships in data analytics and cybersecurity as we replicate the program across the U.S." "Ninety-one percent of apprentices in the U.S. find employment after completing their program, and their average starting wage is above $60,000."

Read more of this story at Slashdot.

Could a Helium-Resistant Material Usher In an Age of Nuclear Fusion?

Sat, 11/18/2017 - 15:34
Researchers working with a team at the Los Alamos National Lab tested a new way to build material for nuclear fusion reactors, "and found that it could eliminate one of the obstacles preventing humanity from harnessing the power of fusion energy." schwit1 quotes Science Alert: A collaboration of engineers and researchers has found a way to prevent helium, a byproduct of the fusion reaction, from weakening nuclear fusion reactors. The secret is in building the reactors using nanocomposite solids that create channels through which the helium can escape... Not only does the fusion process expose reactors to extreme pressure and temperatures, helium -- the byproduct of fusion between hydrogen atoms -- adds to the strain placed on reactors by bubbling out into the materials and eventually weakening them... In a study published in the journal Science Advances, the researchers overview how they tested the behavior of helium in nanocomposite solids, materials made from thick metal layer stacks. They found that the helium didn't form bubbles in these nanocomposite solids like it did in traditionally used materials. Instead, it formed long, vein-like tunnels. "We were blown away by what we saw," said Demkowicz. "As you put more and more helium inside these nanocomposites, rather than destroying the material, the veins actually start to interconnect, resulting in kind of a vascular system." The article points out that nuclear fusion generates four times the energy of nuclear fission.


Facebook Open Sources Its Network Routing Platform Open/R

Sat, 11/18/2017 - 14:34
Facebook will open source its modular network routing software Open/R, currently used in its backbone and data center networks, which "provides a platform to disseminate state across the network and allows new applications to be built on top of it." An anonymous reader quotes TechCrunch: Facebook obviously has unique scale needs when it comes to running a network. It has billions of users doing real-time messaging and streaming content at a constant clip. As with so many things, Facebook found that running the network traffic using traditional protocols had its limits and it needed a new way to route traffic that didn't rely on the protocols of the past, Omar Baldonado, Engineering Director at Facebook explained... While it was originally developed for Facebook's Terragraph wireless backhaul network, the company soon recognized it could work on other networks too including the Facebook network backbone, and even in the middle of Facebook network, he said. Given the company's extreme traffic requirements where the conditions were changing so rapidly and was at such scale, they needed a new way to route traffic on the network. "We wanted to find per application, the best path, taking into account dynamic traffic conditions throughout the network," Baldonado said. But Facebook also recognized that it could only take this so far internally, and if they could work with partners and other network operators and hardware manufacturers, they could extend the capabilities of this tool. They are in fact working with other companies in this endeavor including Juniper and Arista networks, but by open sourcing the software, it allows developers to do things with it that Facebook might not have considered, and their engineering team finds that prospect both exciting and valuable. "Most protocols were initially designed based on constrained hardware and software environment assumptions from decades ago," Facebook said in its announcement. 
"To continue delivering rich, real-time, and highly engaging user experiences over networks, it's important to accelerate innovation in the routing domain."


EFF Beats 'Stupid' Patent Troll In Court

Sat, 11/18/2017 - 13:34
An Australian court can't make a California advocacy group take down a web page, a U.S. federal judge just ruled on Friday. Even if that web page calls a company's patents "stupid." Courthouse News reports: San Francisco-based Electronic Frontier Foundation sued Global Equity Management, or GEMSA, in April, claiming the Australian firm exploited its home country's weaker free speech protections to secure an unconstitutional injunction against EFF. Kurt Opsahl, EFF's deputy executive director and general counsel, hailed the ruling as a victory for free speech. "We knew all along the speech was protected by the First Amendment," Opsahl said in a phone interview Friday. "We were pleased to see the court agree." Opsahl said the ruling sends a strong message EFF and other speakers can weigh in on important topics, like patent reform, without fear of being muzzled by foreign court orders. The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation." The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U.S. Constitution.


FOSS Community Criticizes SFLC over SFC Trademark War

Sat, 11/18/2017 - 12:34
Earlier this month Bruce Perens notified us that "the Software Freedom Law Center, a Linux-Foundation supported organization, has asked USPTO to cancel the trademark of the name of the Software Freedom Conservancy, an organization that assists and represents Free Software/Open Source developers." Now Slashdot reader curcuru -- director of the Apache Software Foundation -- writes: No matter how you look at it, this kind of lawsuit is a loss for software freedom and open source in general, since this kind of USPTO trademark petition (like a lawsuit) will tie up both organizations, leaving less time and funds to help FOSS projects. There's clearly more to the issue than the trademark issue; the many community members' blog posts make that clear. GNOME executive director Neil McGovern, Apache Software Foundation director Shane Curcuru, Google security developer Matthew Garrett, Linux industry journalist Bryan Lunduke. The key point in this USPTO lawsuit is that the legal aspects aren't actually important. What's most important is the community reaction: since SFLC and Conservancy are both non-profits who help serve free software communities, it's the community perception of what organizations to look to for help that matters. SFLC's attempt to take away the Conservancy's very name doesn't look good for them. Bryan Lunduke's video covers the whole case, including his investigation into the two organizations and their funding.


Is Firefox 57 Faster Than Chrome?

Sat, 11/18/2017 - 11:34
An anonymous reader quotes TechNewsWorld: Firefox is not only fast on startup -- it remains zippy even when taxed by multitudes of tabs. "We have a better balance of memory to performance than all the other browsers," said Firefox Vice President for Product Nick Nguyen. "We use 30 percent less memory, and the reason for that is we can allocate the number of processes Firefox uses on your computer based on the hardware that you have," he told TechNewsWorld. The performance improvements in Quantum could be a drink from the fountain of youth for many Firefox users' systems. "A significant number of our users are on machines that are two cores or less, and less than 4 gigabytes of RAM," Nguyen explained. Mashable ran JetStream 1.1 tests on the ability to run advanced web applications, and concluded that "Firefox comes out on top, but not by much. This means it's, according to JetStream, slightly better suited for 'advanced workloads and programming techniques.'" Firefox also performed better on "real-world speed tests" on Amazon.com and the New York Times' site, while Chrome performed better on National Geographic, CNN, and Mashable. Unfortunately for Mozilla, Chrome looks like it's keeping the top spot, at least for now. The only test that favors Quantum is JetStream, and that's by a hair. And in Ares-6 [which measures how quickly a browser can run new Javascript functions, including mathematical functions], Quantum gets eviscerated... Speedometer simulates user actions on web applications (specifically, adding items to a to-do list) and measures the time they take... When it comes to user interactions in web applications, Chrome takes the day... In reality, however, Quantum is no slug. It's a capable, fast, and gorgeous browser with innovative bookmark functionality and a library full of creative add-ons. As Mozilla's developers fine-tune Quantum in the coming months, it's possible it could catch up to Chrome. 
In the meantime, the differences in page-load time are slight at best; you probably won't notice the difference.


iPhone X Owners Experience 'Crackling' or 'Buzzing' Sounds From Earpiece Speaker

Sat, 11/18/2017 - 10:34
MacRumors reports: A limited but increasing number of iPhone X owners claim to be experiencing so-called "crackling" or "buzzing" sounds emanating from the device's front-facing earpiece speaker at high or max volumes. Over two dozen users have said they are affected in a MacRumors discussion topic about the matter, while similar reports have surfaced on Twitter and Reddit since the iPhone X launched just over a week ago. On affected devices, the crackling sounds occur with any kind of audio playback, including phone calls, music, videos with sound, alarms, and ringtones. The issue doesn't appear to be limited to any specific iPhone X configuration or iOS version. "The speakerphone for an $1100 phone should be at least as good as it was on the iPhone 6 and 7," complained one user, "but instead, it's crackly, edgy and buzzy." "I believe we all knew the iPhone X would be highly scrutinized," writes Slashdot reader sqorbit, "but the reported problems appear to be stacking up."


Study of 500,000 Teens Suggests Association Between Excessive Screen Time and Depression

Sat, 11/18/2017 - 09:00
An anonymous reader quotes a report from Motherboard: Depression and suicide rates in teenagers have jumped in the last decade -- doubling between 2007 and 2015 for girls -- and the trend suspiciously coincides with when smartphones became their constant companions. A recent study places their screen time around nine hours per day. Another study, published on Tuesday, suggests that suicide and depression could be connected to the rise of smartphones, and increased screen time. Around 58 percent more girls reported depression symptoms in 2015 than in 2009, and suicide rates rose 65 percent. Smack in the middle of that window of time, smartphones gained market saturation. In Twenge's new study, published in the journal Clinical Psychological Science, the researchers looked at two samples: a nationally representative survey by ongoing study "Monitoring the Future" out of the University of Michigan, which is administered annually to 8th, 10th, and 12th graders, and the Centers for Disease Control's Youth Risk Behavior Surveillance System, a sample of high school students administered by the CDC every other year. (Both surveys began in 1991.) Altogether, over 500,000 young people were included. The study authors examined trends in how teens used social media, the internet, electronic devices (including gaming systems and tablets), and smartphones, as well as how much time they spent doing non-screen activities like homework, playing sports, or socializing. Comparing these to publicly available data on mental health and suicide for these ages between 2010 and 2017 showed "a clear pattern linking screen activities with higher levels of depressive symptoms/suicide-related outcomes and non-screen activities with lower levels," the researchers wrote in the study. All activities involving screens were associated with higher levels of depression or suicide and suicidal thinking, and activities done away from a screen were not.


Walmart Says It's Preordered 15 of Tesla's New Semi Trucks

Sat, 11/18/2017 - 05:00
Soon after Tesla unveiled its new electric Semi Truck and Roadster 2.0, Walmart says it has preordered 15 of the trucks. The Verge notes that the deal was "likely in the works before Tesla unveiled its new truck to the public." From the report: The pilot is planned for the U.S. and Canada. Five of the preordered vehicles will be for Walmart's U.S. business, and 10 will be for its Canadian routes, the company said. Walmart's fleet has about 6,000 trucks. "We have a long history of testing new technology -- including alternative-fuel trucks -- and we are excited to be among the first to pilot this new heavy-duty electric vehicle," the company said in a statement. "We believe we can learn how this technology performs within our supply chain, as well as how it could help us meet some of our long-term sustainability goals, such as lowering emissions." Musk said the truck would enter production in 2019. JB Hunt Transport Services, a 56-year-old company based in Arkansas, also reserved "multiple" new Tesla trucks as well.


A Stable Plasma Ring Has Been Created In Open Air For the First Time Ever

Sat, 11/18/2017 - 02:00
New submitter mrcoder83 shares a report from Futurism: Engineers from the California Institute of Technology (Caltech) have been able to create a stable plasma ring without a container. According to the Caltech press release, it's "essentially capturing lightning in a bottle, but without the bottle." This remarkable feat was achieved using only a stream of water and a crystal plate, made from either quartz or lithium niobate. The union of these tools induced a type of contact electrification known as the triboelectric effect. The researchers blasted the crystal plate with an 85-micron-diameter jet of water (narrower than a human hair) from a specially designed nozzle. The water hit the crystal plate with a pressure of 632.7 kilograms of force per centimeter (9,000 pounds per square inch), generating an impact velocity of around 305 meters per second (1,000 feet per second) -- as fast as a bullet from a handgun. Plasma was formed as a result of the creation of an electric charge when the water hit the crystal surface. The flow of electrons from the point of contact ionizes the molecules and atoms in the gas area surrounding the water's surface, forming a donut-shaped glowing plasma that's dozens of microns in diameter. Caltech posted a video of the plasma ring on their YouTube channel.


The House's Tax Bill Levies a Tax On Graduate Student Tuition Waivers

Fri, 11/17/2017 - 22:30
Camel Pilot writes: The new GOP tax plan -- which just passed the House -- will tax tuition waivers as income. Graduate students working as research assistants on meager stipends would have to declare tuition waivers as income on the order of $80,000 income. This will force many graduate students of modest means to quit their career paths and walk away from their research. These are the next generation of scientists, engineers, inventors, educators, medical miracle workers and market makers. As Prof Claus Wilke points out: "This would be a disaster for U.S. STEM Ph.D. education." Slashdot reader Camel Pilot references a report via The New York Times, where Erin Rousseau explains how the House of Representatives' recently passed tax bill affects graduate research in the United States. Rousseau is a graduate student at M.I.T. who studies the neurological basis of mental health disorders. "My peers and I work between 40 and 80 hours a week as classroom teachers and laboratory researchers, and in return, our universities provide us with a tuition waiver for school. For M.I.T. students, this waiver keeps us from having to pay a tuition bill of about $50,000 every year -- a staggering amount, but one that is similar to the fees at many other colleges and universities," he writes. "No money from the tuition waivers actually ends up in our pockets, so under Section 117(d)(5), it isn't counted as taxable income." Rousseau continues by saying his tuition waivers will be taxed under the House's tax bill. "This means that M.I.T. graduate students would be responsible for paying taxes on an $80,000 annual salary, when we actually earn $33,000 a year. That's an increase of our tax burden by at least $10,000 annually."


'Robots Are Not Taking Over,' Says Head of UN Body of Autonomous Weapons

Fri, 11/17/2017 - 21:10
An anonymous reader writes: "Robots are not taking over the world," the diplomat leading the first official talks on autonomous weapons assured on Friday, seeking to head off criticism over slow progress towards restricting the use of so-called "killer robots." The United Nations was wrapping up an initial five days of discussions on weapons systems that can identify and destroy targets without human control, which experts say will soon be battle ready. "Ladies and gentlemen, I have news for you: the robots are not taking over the world. Humans are still in charge," said India's disarmament ambassador, Amandeep Gill, who chaired the CCW meeting. "I think we have to be careful in not emotionalizing or dramatizing this issue," he told reporters in response to criticism about the speed of the conference's work. Twenty-two countries, mostly those with smaller military budgets and lesser technical knowhow, have called for an outright ban, arguing that automated weapons are by definition illegal as every individual decision to launch a strike must be made by a human. Gill underscored that banning killer robots, or even agreement on rules, remained a distant prospect.


Verizon: No 4G-Level Data Caps For 5G Home Service

Fri, 11/17/2017 - 20:30
Verizon recently announced that its upcoming 5G home internet service will not have the kinds of data limits you expect from current wireless services. It will reportedly be able to handle the average data load of a FiOS customer, and it won't be throttled down to 4G gigabyte caps. PC Magazine reports: Verizon has been trying out its new 5G home internet service for months. In a tour of its New Jersey lab, we got a closer look at the 5G antenna setup we saw at Mobile World Congress in February. It's a silver device the size of a paperback book, which connects to a Wi-Fi router with a display. You're supposed to put it in a window facing Verizon's 5G service tower. In the test lab, engineer David Binczewski (below) showed us how the company is still working through the challenges of high-frequency, short-distance, millimeter-wave 5G -- most notably, how to penetrate various materials. In a chamber designed to test new 5G devices, he held up a piece of wood between a 5G emitter and a receiver, and we watched the signal fuzz out a bit on a nearby equipment screen. During a roundtable, VP of network support Mike Haberman, some other Verizon folks, and the assembled journalists agreed that an average data cap in the vicinity of 180GB/month would satisfy the average consumer. That's far more than Verizon's current 4G traffic management limit, where folks who use more than 22GB get sent to the back of the line if a tower is congested.


NVIDIA Launches Modded Collector's Edition Star Wars Titan Xp Graphics Card

Fri, 11/17/2017 - 19:50
MojoKid writes: NVIDIA just launched its fastest graphics card yet and this GPU is targeted at Star Wars fans. In concert with EA's official launch today of Star Wars Battlefront II, NVIDIA unveiled the new Star Wars Titan Xp Collector's Edition graphics card for enthusiast gamers. There are two versions of the cards available -- the Galactic Empire version and a Jedi Order version. Both of the cards feature customized coolers, shrouds, and lighting, designed to mimic the look of a lightsaber. They also ship in specialized packaging that can be used to showcase the cards if they're not installed in a system. The GPU powering the TITAN Xp Collector's Edition has a base clock of 1,481MHz and a boost clock of 1,582MHz. It's packing a fully-enabled NVIDIA GP102 GPU with 3,840 cores and 12GB of GDDR5X memory clocked at 5.5GHz for an effective data rate of 11Gbps, resulting in 547.2GB/s of peak memory bandwidth. At those clocks, the card also offers a peak texture fillrate of 379.75 GigaTexels/s and 12.1TFLOPs of FP32 compute performance, which is significantly higher than a GeForce GTX 1080 Ti. In the benchmarks, it's the fastest GPU out there right now (it better be for $1200), but this card is more about nostalgia and the design customizations NVIDIA made to the cards that should appeal to gamers and Star Wars fans alike.


Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets

Fri, 11/17/2017 - 19:10
An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia. "For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.


FCC Approves Next-Gen ATSC 3.0 TV Standard

Fri, 11/17/2017 - 18:30
New submitter mikeebbbd writes: "U.S. regulators on Thursday approved the use of new technology that will improve picture quality on mobile phones, tablets and television, but also raises significant privacy concerns by giving advertisers dramatically more data about viewing habits," reports Reuters. ATSC 3.0 will apparently make personal data collection and targeted ads possible. New TVs will be necessary, and broadcasters will need to transmit both ATSC 2.0 (the current standard) for 3 to 5 years before turning off the older system. For now, the conversion is voluntary. There appears to be no requirement (as there was when ATSC 2.0 came out) for low-cost adapter boxes to make older TVs work; once a channel goes ATSC 3.0-only, your old TV will not display it any more.


Apple's HomePod Gets Delayed Until 2018

Fri, 11/17/2017 - 17:50
Apple has reportedly delayed the release of its HomePod smart speaker until 2018. In a statement to The Verge, Apple says that it needs more time to work on the device. "We can't wait for people to experience HomePod, Apple's breakthrough wireless speaker for the home, but we need a little more time before it's ready for our customers," an Apple spokesperson said. "We'll start shipping in the U.S., UK and Australia in early 2018." From the report: The speaker was originally set to be released in December. Priced at $349, the HomePod is slated to take on higher-end sound systems like Sonos, as well as smart assistants like the Amazon Echo and Google Home. The cylindrical speaker features a seven-speaker array of tweeters, a four-inch subwoofer, and a six-microphone array, which puts it right on par spec-wise with the best speakers in its price range, but where it may fall short is Siri, which isn't really in the same class as Alexa or Google Assistant. That challenge is likely why Apple's focus at the launch of the HomePod back at WWDC in June was music first and smart features second.


Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux

Fri, 11/17/2017 - 17:10
An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions. Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.


Even New Phones Are No Longer Guaranteed To Have the Latest Version of Android

Fri, 11/17/2017 - 16:30
Vlad Savov, writing for The Verge: The OnePlus 5T and Razer Phone are two fundamentally different devices, which are nonetheless united by one unfortunate downside: both of them are going on sale this month without the latest version of Android on board. OnePlus will tell you that this issue is down to its extremely stringent testing process, while Razer offers a similar boilerplate about working as fast as possible to deliver Android Oreo. But we're now three months removed from Google's grand Oreo launch, timed to coincide with this summer's total eclipse, and all of these excuses are starting to ring hollow. Why do Android companies think they can ship new devices without the latest and best version of the operating system on board? The notorious fragmentation problem with Android has always been that not every device gets the latest update at the same time, and many devices get stuck on older software without ever seeing an update at all. What's changed now is that the "one version behind the newest and best" phenomenon is starting to infect brand new phones as well. The 5T and Razer Phone are just two examples; there's also Xiaomi, which just launched its Mi Mix 2 in Spain with 2016's Android Nougat as the operating system.


Windows 8 and Later Fail To Properly Apply ASLR

Fri, 11/17/2017 - 15:50
An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode. The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-year-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.
