Announcement

USA software 18 articles, created at 2016-09-26 06:00

1 Node.js v7 Beta Brings Canary in a Gold Mine The Node.js Foundation have released the v7 beta for Node.js. Its release coincides with v6 becoming the foundation's second LTS release, where its life will continue under Active LTS and Maintenance until April 2019. 2016-09-25 22:00 3KB www.infoq.com

2 Researcher Raises Privacy Concerns Regarding W3C Proximity Sensor API W3C recently released the first draft of the Proximity Sensor API based on the Generic Sensor API specification. Researcher and W3C Invited Expert Lukasz Olejnik has raised a few privacy concerns regarding the W3C Proximity Sensor API, specifically that it could be used for user fingerprinting. 2016-09-25 21:25 3KB feedproxy.google.com

3 Apple done nothing wrong Having read the European Commission’s original ruling, some prior rulings, the Treasury's white paper about the European Commission’s actions and a lot of.. 2016-09-25 21:00 5KB feedproxy.google.com

4 Swiss Vote to Give Their Government More Spying Powers Swiss approve new surveillance law with 66.5% majority 2016-09-25 20:30 2KB news.softpedia.com

5 Parsix GNU/Linux 8.10 "Erik" Gets the Latest Security Fixes, Update Now Parsix GNU/Linux 8.5 "Atticus" also received new updates 2016-09-25 20:20 2KB news.softpedia.com

6 Food delivery startup Deliveroo expands with Business tier for corporate accounts Fresh from raising $275 million this August at around a $1 billion valuation, Deliveroo is now taking the next step in its bid to corner the market in Europe.. 2016-09-25 19:51 5KB feedproxy.google.com

7 Australia must take cyber security opportunity Australia may never be able to create an IT industry like that in the US, but it can lead in cyber security 2016-09-25 19:05 2KB www.computerweekly.com

8 LXQt 0.11.0 Arrives After Almost One Year of Development Brings many updated components and technologies 2016-09-25 18:40 2KB news.softpedia.com

9 Krebs Back Online After Getting Help from Google's Project Shield Apparently Google's Project Shield is not just a PR stunt 2016-09-25 18:30 2KB news.softpedia.com

10 Blue Bottle Coffee is raising another big round of funding The coffee wars of San Francisco are back on! We're now hearing from sources that Blue Bottle is raising a big round of financing a little more than a year.. 2016-09-25 18:24 4KB feedproxy.google.com

11 Super Mario Clone SuperTux 0.5.0 Is Out with In-Game Level Editor, Improvements The Forest Island and Antarctica levels were updated 2016-09-25 18:10 2KB news.softpedia.com

12 wattOS 10 Microwatt Edition Comes with Less of Everything, Based on 16.04 It lets users create their own personal wattOS system 2016-09-25 17:40 2KB news.softpedia.com

13 Can’t wear Snap sunglasses at night Unless you plan on bumping into stuff, don't expect to record after-dark concerts and parties on your Snap Inc Spectacles. The company formerly known as.. 2016-09-25 17:33 2KB feedproxy.google.com

14 Over 850,000 Devices Affected by Unpatched Cisco Zero-Day Lots of critical equipment vulnerable to BENIGNCERTAIN 0-day 2016-09-25 17:30 2KB news.softpedia.com

15 Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements All users of the Linux 4.7 kernel series must upgrade 2016-09-25 17:25 2KB news.softpedia.com

16 Two in Five Sysadmins (Are Crazy) Store Admin Passwords in Word Files Some system administrators just need to get fired 2016-09-25 17:25 2KB news.softpedia.com

17 Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses It is based on the 4MLinux 20.0 operating system 2016-09-25 17:10 2KB linux.softpedia.com

18 How to pull workers back from the brink of burnout Work/life balance in startup culture is total BS. And you are probably part of the problem. Until you say “enough” -- and fight back, stand up and resist.. 2016-09-25 17:00 6KB feedproxy.google.com

Articles


1/18 Node.js v7 Beta Brings Canary in a Gold Mine

The Node.js Foundation have released the v7 beta for Node.js. Its release coincides with v6 becoming the foundation's second LTS release, where its life will continue under Active LTS and Maintenance until April 2019.

Rod Vagg, chairperson for the Node.js Technical Steering Committee, told InfoQ:

The key focus for v7 is to make sure modules in the ecosystem are keeping up with Node Core. The Node.js Core Technical Steering Committee has identified 68 of the most dependent Node.js modules in the ecosystem, and is using a technology called Canary in the Gold Mine (citgm) to ensure that when updates happen with Node.js versioning, modules won't break.

Citgm is a smoke testing utility that automates running unit tests of various modules in the node.js ecosystem. It has been incredibly successful, finding all sorts of regressions across the ecosystem and in Node core itself.

Vagg describes modules as being "essential" to the Node.js ecosystem, and attributes it to the pace of technology in recent years, with the Node.js ecosystem being the largest and among the fastest growing, with more than 320,000 npm modules.

Among the notable changes to Node.js v6.6 are a commit to re-add crypto.timingSafeEqual, as well as making the "max event listeners" memory leak warning more accessible and unhandled rejections now emitting a process warning after the first tick.

Announcing security updates for all of its active release lines, the foundation reported a list of vulnerabilities affecting Node.js. Among these are CVE-2016-2183: SWEET32 Mitigation.

"SWEET32 is a new attack on older block cipher algorithms that use a block size of 64 bits," Vagg said. "OpenSSL has moved DES-based ciphers from the HIGH to MEDIUM group. As Node.js includes HIGH, but not MEDIUM, in its default suite, affected ciphers are no longer included unless the default suite is not used." While this vulnerability is not considered critical, all versions of Node.js are affected.

Also affecting all versions of Node.js is CVE-2016-6304: OCSP Status Request extension unbounded memory growth, considered to be a flaw of high severity. The vulnerability allows a malicious client to exhaust a server's memory, resulting in a DoS by sending very large OCSP Status Request extensions in a single session. Node.js servers using TLS are vulnerable.

Node.js v5 reached the end of its natural life after two months in Maintenance mode in June 2016. V6 will become the second LTS release for Node.js in October, with the release of V7.

2016-09-25 22:00 James Chesters www.infoq.com

2/18 Researcher Raises Privacy Concerns Regarding W3C Proximity Sensor API

In June of this year, W3C released the first draft of the Proximity Sensor API based on the Generic Sensor API specification. The W3C Generic Sensor API specification aims to define a framework for exposing sensor data and promote consistency across sensor APIs. The Proximity Sensor API specification has been updated so that it extends the Generic Sensor API providing data about the proximity level and defining a sensor interface for detecting nearby objects and reporting their distance (proximity to the device) in centimeters.

Lukasz Olejnik, a security and privacy consultant, researcher, and W3C Invited Expert, recently published a blog post raising privacy concerns regarding the updated draft of the W3C Proximity Sensor API, the draft based on the Generic Sensor API. Olejnik suggests that it is possible for a malicious attacker to use the W3C Proximity Sensor API to obtain behavioral information about individual users which can then be used for user fingerprinting. He makes several recommendations regarding fingerprinting, e.g. that the device should be able to alert users when proximity sensor data is accessed by a website, and that proximity sensors should be subject to user permissions.

About a month ago the W3C released an updated working draft of the Generic Sensor API that includes security and privacy considerations such as user fingerprinting. The draft says that when sensors are used together along with other functionality, privacy risks can arise such as "correlation of data and user identification through fingerprinting." The draft also mentions the need for developers to enable user permissions when it comes to sensors: "User agents should consider providing the user an indication of when the sensor is used and allowing the user to disable it."

There is also an interesting paper on the Cornell University Library arXiv site titled "Stealing PINs via Mobile Sensors: Actual Risk versus User Perception." The research paper takes a look at using JavaScript-based code, mobile sensors, and an artificial neural network to successfully steal user PINs on mobile devices.

Clearly developers need to take into consideration user privacy and security when creating applications and websites that utilize mobile sensors and specifications like the W3C Proximity Sensor API.

For more information about the W3C Proximity Sensor API, visit the W3C Editor's Draft on GitHub or the current working draft on the official W3C website.

2016-09-25 21:25 By feedproxy.google.com

3/18 Apple done nothing wrong

Having read the European Commission’s original ruling, some prior rulings, the Treasury’s white paper about the European Commission’s actions and a lot of analysis in the tax community, in my opinion, the EC is over-reaching in their decision on Apple.

The European Commission is basing their argument on Apple receiving illegal state aid, which requires a determination that an advantage received by one or more select companies has not been made available across the board. They specifically take issue with two so-called “advanced pricing agreements” between Ireland’s tax authority and Apple over how Apple sets inter-company transfer prices among its subsidiaries that interact with Irish operations. These inter-company prices determine how much taxable profit gets allocated to Ireland.

However, any company can request one of these agreements, and many have. In fact, as of 2014, there were more than 750 advanced pricing agreements in place among all EU member states, and nearly as many being requested by companies. Therefore, this benefit is not “selective,” and, furthermore, not an issue specific to Ireland or Apple.

More generally, every EU member state has the autonomy to set and administer its own transfer pricing rules and tax policy. Case in point: Ireland did not even have transfer pricing rules in place until 2010. This means that up to 2010, there is no set of rules that the EC can cite as being discriminately applied to Apple versus everyone else to provide the firm with a selective advantage. After 2010, Ireland’s revenue authority, which is charged with making sure that the transfer pricing rules set by Ireland are being appropriately applied, asserts that Apple allocated profits in a manner consistent with the rules that applied to everyone.

Finally, while the nuances of Apple’s structure may be unique to Apple, it is certainly not the only company using these types of transfer pricing arrangements to yield a similar result of reducing the amount of taxable income recorded in the EU.

Like it or not, these companies are following the letter of the law — and the same laws are being applied to all companies. It’s clear the EC doesn’t like the result, but the answer has to be greater coordination among member states to close differences in tax rules across countries that companies like Apple can legally exploit.

Many, including officials in Ireland’s Ministry of Finance, have argued that it is not Ireland’s tax policies that are to blame for the tax practices of U.S. multinationals like Apple, but rather those of the U.S. The U.S. tax policy is to tax all worldwide income of U.S. corporations, regardless of where it is earned. However, a deferral provision allows companies to delay tax payment on foreign income until it is repatriated back to the U.S. There is no question this tax policy creates a strong incentive for companies like Apple to report as much of their global income as possible in low-tax, foreign jurisdictions, such as Ireland and Bermuda, and to keep it there.

In 2004, the U.S. passed the American Jobs Creation Act, which allowed U.S. multinationals to repatriate qualifying cash dividends at an 85 percent tax discount. That is, instead of paying the difference between foreign income taxes paid and the U.S. tax rate of 35 percent, repatriating firms paid only 15 percent of the normal tax bill.

This dramatic, temporary change in U.S. tax policy was enacted to stimulate a recovering U.S. economy. By reducing the cost of repatriation, Congress hoped multinationals would bring home their locked-out foreign cash and invest it domestically. It worked in the sense that more than $300 billion was repatriated under this legislation, but evidence on whether the funds were invested as intended is mixed at best. Further, recent research suggests that this one-time, temporary tax holiday actually may have made matters worse, afterwards incentivizing firms to hoard even more foreign cash in hopes of steering Congress toward a second future repatriation tax holiday.

Moving forward, there are a host of proposals on the table that could change the tax landscape for U.S. multinationals like Apple. Many lawmakers call for making the repatriation tax holiday effectively permanent, either by moving the U.S. to a territorial tax system favored by most of the world or to a system that taxes all foreign income immediately at a lower rate. So far the only thing both sides of the aisle in Washington can agree on is that the current system is “broken.” There is little consensus over how to fix it, and evidently little incentive for lawmakers to even try until after our upcoming presidential election in November. Stay tuned.

2016-09-25 21:00 Lisa De feedproxy.google.com

4/18 Swiss Vote to Give Their Government More Spying Powers

Last year, the country's parliament passed a law that allowed its secret service, FIS (Federal Intelligence Service), more powers to snoop on emails, tap phones, or use hidden cameras and microphones.

Such technologies and investigative procedures are common practice in other countries, but they have been outlawed by the strict Swiss government.

The law, which the government argued was needed after the devastating Paris ISIS attacks, was contested by privacy groups and the Swiss leftist political parties, which delayed its implementation and forced it into a country-wide referendum that took place this Sunday.

The Swiss population made its voice heard over the weekend and, concerned with the ever-increasing threat from terrorist groups, voted to sacrifice some of its privacy for the sake of security.

Switzerland, next to Germany and the northern Scandinavian countries, has some of the strictest privacy laws in Europe. So much so that it took Google years to get permission to map out the country via its Street View service.

FIS, which handles both internal and external cyber-espionage operations, will need special authorization from a court, the defense ministry, and the cabinet if it is to launch internal surveillance operations.

According to SwissInfo, opponents of this law struggled to win over the older generation, who mostly voted for the new surveillance laws.

The publication also noted the little attention the campaign got in the media, with most of the attention focusing on another topic included in the three-vote referendum, related to a 10 percent boost to the country's old age pension fund. The population voted against an increase of the pension fund just because it would add an extra strain on the state's budget. The third issue was related to Switzerland increasing its green economy, which citizens also voted down.

2016-09-25 20:30 Catalin Cimpanu news.softpedia.com

5/18 Parsix GNU/Linux 8.10 "Erik" Gets the Latest Debian Security Fixes, Update Now

Parsix GNU/Linux 8.10 "Erik" is currently the latest, most advanced version of the distribution, and it's based on the stable Debian GNU/Linux 8 "Jessie" series, which means that it always receives its newest security and software updates as soon as they are released upstream.

The last update for Parsix GNU/Linux 8.10 "Erik" was on August 29, and since then many important applications and components have been updated, including Mozilla Firefox ESR, ImageMagick, OpenSSL, Irssi, libarchive, Wireshark, Apache Tomcat, Mailman, Chromium, MySQL, Xen, libidn, and Linux kernel.

In addition to the security updates mentioned above, Parsix GNU/Linux 8.10 "Erik" also received new, improved versions of the InspIRCd IRC daemon, Charybdis IRC server, PowerDNS DNS software, Tryton high-level general purpose application platform, unADF unzip-like tool for .ADF files, and OpenJPEG 2 open-source JPEG 2000 codec.

Therefore, you need to update your system as soon as possible. All the details about the new Debian security updates that have just landed in the Parsix GNU/Linux 8.10 "Erik" repositories are available at http://www.parsix.org/wiki/Security, where you'll also learn how to keep your Parsix installation up to date and secure at all times.

In related news, the Parsix GNU/Linux team informs the community that the Parsix GNU/Linux 8.5 "Atticus" release also received the security and software updates mentioned above, and reminds them that the distro will reach end of life at the end of the month, on September 30, 2016, so you better upgrade to the Erik release soon!

2016-09-25 20:20 Marius Nestor news.softpedia.com

6/18 Food delivery startup Deliveroo expands with Business tier for corporate accounts

Fresh from raising $275 million this August at around a $1 billion valuation, Deliveroo is now taking the next step in its bid to corner the market in Europe and other markets for high-end, high-concept restaurant food delivery; and turn the Deliveroo business profitable in the process. The startup is launching a new service catering specifically for the corporate market, Deliveroo for Business, which lets companies create corporate accounts with customised settings to control how their employees can use the app to order food at the office.

The service is going live across all of the 100 markets where Deliveroo is active, the company said.

Early customers that are already using the service include the European offices for Eventbrite and Survey Monkey, as well as Innocent Drinks and British Land. “Deliveroo has already gained the loyalty of the world’s largest banking, law, media, and technology firms due to their ability to provide a uniform service across the globe,” the company said.

Deliveroo’s decision to move into the business market is much like Uber’s move in 2014 to launch Uber for Business.

At its most basic, it is playing to how people are already using Deliveroo (and competing services) today. There are already many people ordering food to be delivered to offices during the day, as well as after hours, with much of that food getting expensed. Deliveroo has created a product that will help companies get that practice under some kind of control, which could also potentially mean that Deliveroo starts to get used more regularly in those business environments, too.

“We’ve seen huge demand for delivery to offices and work spaces, with a huge amount of variation and choice delivered to each one,” said Christine Oddy, who heads up Deliveroo for Business. “We wanted to provide a comprehensive service for businesses to operate this offering to employees and clients with minimal admin for the company.”

There are a number of food delivery services that Deliveroo competes against today, from established players like Just-Eat and Delivery Hero (and their many affiliate brands) that offer a range of takeaway options, through to newer entrants that are aiming very much at the same market as Deliveroo, like Amazon Restaurants and Uber’s UberEats.

And more directly in the area of catering meals specifically to business locations, there are local players like Rocket Internet’s CaterWings and the recently-launched City Pantry in the UK.

Deliveroo’s new business service essentially will bring together strands of all of these businesses: as you can do already on Deliveroo, users will be able to order from a selection of restaurants.

On top of this, companies can work with account managers to cater larger meals to their offices as well, targeting not only special events, but also businesses that do not have in-house cafeterias but would like to offer their employees the option of meals on-site.

The fact that this is a corporate service with a dedicated account manager and options to set different parameters for users, spend, time and geography implies also that Deliveroo will be charging a higher fee for Deliveroo for Business, which could also help the company with its overall margins.

And in Deliveroo’s case, margins are an especially important detail, considering that the company is not yet profitable globally; that the food delivery business is massively capital intensive; and that it is even more costly because of the heavy competition Deliveroo is facing. Deliveroo would not comment on specific pricing for the service, except to note that it charges an administration fee for business accounts.

Another way that this will help with Deliveroo’s margins is that it’s adding another service to the company’s wider platform.

While Postmates in the U.S. has chosen to expand its business by way of deals with much larger suppliers (like Starbucks) and opening up its API for third-party businesses to tap into its logistics and delivery network, Deliveroo has grown by expanding the volume of food and beverage products that it delivers itself.

That’s led it to launch and run a B2B remote kitchen service called RooBox, giving restaurants access to delivery-only kitchens in high-density locations; and a new feature for alcohol delivery.

The company is not disclosing any revenue figures except to note that revenues have grown 400 percent since November 2015 and that it is profitable in several (but not all) of its markets. The company today is live in 12 countries: Australia, Belgium, France, Germany, Hong Kong, Italy, Ireland, Netherlands, Singapore, Spain, United Arab Emirates and the United Kingdom.

2016-09-25 19:51 Ingrid Lunden feedproxy.google.com

7/18 Australia must take cyber security opportunity

Australia has a once-in-a-generation opportunity to develop a strong and internationally competitive cyber security sector.

Speaking at the inaugural SINET61 Summit in Sydney – which brought together industry, academics, policy makers and corporate users – Alastair MacGibbon, special advisor to the prime minister on cyber security, acknowledged that Australia can't create a Silicon Valley, so should instead focus on creating “boomerang businesses” which go offshore to build scale and experience, but with solid local foundations to ensure that they return.

To that end Data61, which is the combination of the National ICT Australia body and the ICT arm of the Commonwealth Scientific and Industrial Research Organisation (CSIRO), is spearheading the Cyber Security Industry Growth Centre. Funded to the tune of AUD30m through to 2019-20, the Cyber Growth Centre is intended to bring together researchers, the government and industry to build businesses able to tap into the international cyber security market, which it estimates is worth $71bn a year and growing 8% annually.

Adrian Turner, CEO of Data61 and joint chair of the Cyber Growth Centre, told delegates at SINET61 that the organisation had completed industry consultation and submitted its business plan to the government. He expects to formally kick off operations in the next few weeks, with the intent to become the peak industry-led body for cyber security in the country.

Turner said that the intent of the centre was to help keep Australia “cyber-safe” while creating a vibrant domestic – but globally competitive – industry. “Cyber is a tech issue but it's a business continuity issue first, as every part of economy becomes data driven,” he said.

SINET61 is the Australian chapter of the emerging global SINET community which receives support from the US Department of Homeland Security. The community, which is also active in Europe, is intended to spur innovation and support global collaboration between both public and private sectors to defeat cyber security threats.

2016-09-25 19:05 www.computerweekly.com

8/18 LXQt 0.11.0 Desktop Environment Arrives After Almost One Year of Development

That's right, LXQt 0.11.0 is finally here as a worthy upgrade to LXQt 0.10.0, which was announced back in November 2015 and is currently used in several GNU/Linux distributions. For those of you who are not in the loop with the latest LXQt news, we would like to remind you that the desktop environment wants to replace the GTK-based LXDE (Lightweight X11 Desktop Environment) sometime in the near future.

"The release took longer than desirable for various reasons, but preparations were made to improve the release management as a whole. Releases will take place more frequently in the future, both regular ones and point releases, backporting important fixes whenever it makes sense. Probably we will not introduce a fixed release schedule like once every six months though, as this wouldn’t fit the development of LXQt," said the devs.

Prominent new features of the LXQt 0.11.0 desktop environment include a much-improved user experience, the use of a specific configuration file (e.g. ~/.config/openbox/lxqt-rc.xml) when using LXQt under the Openbox window manager, multi-monitor support for the LXQt Panel, a new tool for adjusting the brightness of your display, revamped PCManFM-Qt file manager, and pavucontrol-Qt, a new tool to configure the PulseAudio sound system.

The LXQt 0.11.0 desktop environment is available for download right now via our website as a source archive that you'll need to compile on your GNU/Linux operating system, but it can also be found in the software repositories of many popular distros, including Ubuntu, , openSUSE, Debian, Fedora, OpenMandriva, Gentoo, Chakra, ALT Linux, and .

2016-09-25 18:40 Marius Nestor news.softpedia.com

9/18 Krebs Back Online After Getting Help from Google's Project Shield

Launched in February 2016, Project Shield is a Google initiative that aims to provide technical support for smaller news organizations, human rights, and/or elections monitoring services.

One of the services Project Shield provides is free DDoS protection, which Krebs desperately needed and that can easily cost a company or individual anywhere above $100,000 per year.

For years Krebs, a famous investigative journalist who has exposed many cyber-crime campaigns, has benefited from free DDoS protection from Prolexic, a company later acquired by Akamai, who also honored this deal.

After Krebs exposed vDos, the Internet's most popular DDoS-for-Hire service, his site was under a barrage of DDoS attacks for weeks.

In the first hours, the attacks were small, growing to 128 Gbps after a day. After ten days, the attacks reached mammoth levels, easily becoming the largest DDoS attack ever recorded at 620 Gbps.

Two days after this mammoth DDoS attack hit, Akamai fended off the malicious traffic. But things eventually started breaking down, and the company started having technical problems that affected the operational service of its paying customers. As such, on Wednesday, the company unloaded Krebs' blog off their network. Krebs said he holds no grudge against Akamai for protecting its true customers.

Since he knew his ISP couldn't handle all the traffic, Krebs took down his website for good, trying to avoid problems for innocent third-parties.

Other DDoS mitigation services offered their help, but Krebs said that they only granted him two to three weeks of free protection, after which he needed to pay like all the other regular customers, a cost he couldn't afford.

That's where Google stepped in to help, with a project that seemed like a PR stunt when it was first launched in February, but now has come to show its true worth.

2016-09-25 18:30 Catalin Cimpanu news.softpedia.com

10/18 Blue Bottle Coffee is raising another big round of funding

The coffee wars of San Francisco are back on!

We’re now hearing from sources that Blue Bottle is raising a big round of financing a little more than a year after it raised a whopping $75 million. We don’t know the exact amount, but given the immense (and at times odd) interest in coffee from investors in Silicon Valley, it wouldn’t be surprising if it would be approaching or matching that previous value. Silicon Valley’s — and San Francisco’s — adoration of coffee knows no bounds, and that extends even to the investor community, with tens of millions of dollars being poured into companies like Blue Bottle Coffee and Philz.

So, let’s get this out of the way before anything else: Coffee! COFFEE! COFFEE!

Silicon Valley is known for plenty of unusual investments, anywhere from alternative food products to space exploration, and the coffee industry is certainly no exception. But there’s logic to it: there’s a huge coffee market and a near-perfect comparable in the market, with Starbucks hanging out at an $80 billion valuation. For any coffee company, capturing even a fraction of that market already means the company has hit unicorn status. And, of course, it also means there’s a natural acquirer for these companies.

So, let’s review a few previous large financing rounds for coffee:

That’s also not including the money Sightglass Coffee has raised over time, from what we understand. (Square CEO Jack Dorsey is an investor in it, which has been sort of openly-known in the Bay Area.)

Blue Bottle has been aggressively opening stores around the country, from a roastery-slash-coffee shop in the (previously) hipster Williamsburg neighborhood in Brooklyn to Apple Store-esque franchises in downtown San Francisco (the waffles are pretty good). For any spot where there exists a Starbucks, there’s naturally a slot for another competing coffee shop — especially if they can offer better coffee or at least a better retail experience.

Starbucks is also in a unique position from an optics standpoint, as the company has grown so large and now that it faces the scrutiny of public investors has to find ways to deliver results to Wall Street. That could mean putting pressure on bean sourcing, and Blue Bottle with its higher prices may in the end be able to source better beans or cultivate a perception of having a more favorable supply chain (if not already having one).

Blue Bottle, too, is finding itself with new potential revenue streams in the form of distributing its New Orleans style ice coffee — packaged in a cute little milk carton that you might have had during elementary school — and cold brew coffee, as well as selling beans. Sightglass, too, sells beans, as do other emerging coffee shops like Ritual. All this is turning the coffee market (at least in the San Francisco Bay Area) into an incredibly competitive space, with only a small number of hipsters to really tap until the companies find a way to break into the mainstream.

(Okay, maybe you like it and you’re not a hipster — point taken.)

In Blue Bottle’s case, as it expands its retail footprint, it’s going to have to eventually look at international markets. While Blue Bottle has certainly built up a strong brand around the coffee elite, it needs to convince the world outside of caffeine-crazed metropolitan areas that it’s a better option than Starbucks. That’ll be doubly difficult internationally, especially in areas where coffee is more of a product of necessity than something that fits in the same artisanal vein of good wine or food.

At the end of the day, it doesn’t seem like coffee is a bad market to go after. In fact, with Starbucks alone, it seems like a plenty large market that could even support multiple artisanal coffee shops and roasters that distribute beans and other coffee-related products around the world. The challenge is going to be expanding retail footprints and figuring out the distribution, which of course is going to require a lot of capital.

In the end, of course, we all win, because coffee is great and better coffee is more great.

Representatives from Blue Bottle and Sightglass did not immediately respond to a request for comment.

2016-09-25 18:24 Matthew Lynley feedproxy.google.com

11 /18 Super Mario Clone SuperTux 0.5.0 Is Out with In-Game Level Editor, Improvements

SuperTux 0.5.0 is now the latest version of the game and it's here after being in development for the last nine months, during which it received a total of five RC (Release Candidate) builds implementing the features listed below for your reading pleasure.

"The most prominent change for this release is a new in-game level editor which allows you to create levels and worldmaps on-the-fly from within SuperTux itself. We would like to apologize for publishing the 0.4.0 release with a large number of issues," says Max Teufel in today's release announcement.

Yes, that's right, as Mr. Teufel revealed above, the biggest new feature of the SuperTux 0.5.0 update is a new in-game level editor that lets you create your own levels or modify existing ones to your liking. The in-game level editor also promises to allow players to create worldmaps on-the-fly.

Other exciting new features introduced in SuperTux 0.5.0 include significant updates to the Forest Island and Antarctica levels, much-needed performance improvements to the game engine, support for scriptable gradients, various fixes to the language packs, as well as new music and more tiles.

Last but not least, SuperTux 0.5.0 comes with a bunch of brand new command-line options and commands that appear to be related to the in-game level editor, and some other minor, yet useful improvements. Of course, many of the issues reported by users since SuperTux 0.4.0 have been addressed.

You can download SuperTux 0.5.0 right now via our website, or directly from the project's GitHub page, where you'll find binaries for Microsoft Windows operating systems, and some details about how to help the development team bring more awesome features in upcoming releases.

2016-09-25 18:10 Marius Nestor news.softpedia.com

12 /18 wattOS 10 Microwatt Edition Comes with Less of Everything, Based on Ubuntu 16.04

As its name suggests, wattOS 10 Microwatt Edition is a slimmed down version of the Ubuntu-based GNU/ designed to be used in households where people want to be eco-friendly and consume less power when working on their personal computers. It can be installed in old PCs from 10 years ago with 128 MB of RAM.

The best part of the wattOS 10 Microwatt Edition is that it can be bent to your liking. You can turn it into anything you want, a smart server, a powerful workstation, you name it. It doesn't include anything by default, not even a web browser or music player, so you'll have to install them.

"We are calling this release the “do what you want” release. We have eliminated things that people normally change like preferred web browser, music player, graphics editors/viewers, etc. and replaced them with…….nothing," reads the release announcement. "You get to choose rather than uninstall, change, etc."

Being powered by Ubuntu 16.04.1 LTS (Xenial Xerus), wattOS 10 Microwatt Edition uses its long-term supported Linux 4.4 kernel, but it is built around the i3 tiling window manager 4.11, which is designed for power users. A minimalistic WebKit-based web browser is installed, namely Surf 0.7, to help you configure your system.

Additionally, users will find the PCManFM 1.2.4 file manager and Mupdf 1.7a-1 minimalistic PDF viewer, along with the PowerTOP power management utility in case you are installing wattOS 10 Microwatt Edition on a laptop and you want to optimize the battery usage. Download wattOS 10 Microwatt Edition right now via our website.

2016-09-25 17:40 Marius Nestor news.softpedia.com

13 /18 Can’t wear Snap sunglasses at night

Unless you plan on bumping into stuff, don’t expect to record after-dark concerts and parties on your Snap Inc Spectacles. The company formerly known as Snapchat (they really should have just changed it to the emoji, Prince-style) confirms to me its new camera glasses are not currently built to be worn at night. Their lenses are like normal sunglasses, so it’d be too shady to see with them on.

This fact reinforces the idea of Spectacles as “a toy”. That’s how Snap CEO Evan Spiegel referred to them while talking to the Wall Street Journal, which never mentioned they’re for day-use only.

When the $130 Specs are released this fall, you might have to stick to barbecues and day-time music festivals when you want to tap the rim of your glasses to record 10 seconds of circular, first-person video.

Perhaps future iterations could come with clear lenses or photochromatic light-adaptive lenses that are dark in the sun and transparent at night or indoors. By ditching extra functionality to keep the price reasonable, Snapchat may be able to market the glasses as an aspirational buy for its teen user base. That will go smoother if it can align Spectacles with celebrities people want to emulate. The first version of Spectacles might not be as transformational of a technology as some hoped. Yet it gives Snapchat more control of the image capture and saving experience. With time, engineering, and product finesse, Specs could evolve into something we see ourselves wearing whenever we go somewhere we want to share.

But if public perception lumps them in with geeky Google Glass or unnecessary Flipcams, Spiegel will have spent a lot of Snap’s $2 billion-plus in venture capital on something just for him to play with.

2016-09-25 17:33 Josh Constine feedproxy.google.com

14 /18 Over 850,000 Devices Affected by Unpatched Cisco Zero-Day

Cisco has recently acknowledged that a cyber-offensive toolkit leaked online by a group of unknown hackers also affects its current device models, after initial analysis said that only older (discontinued) PIX firewalls were affected.

The tool, named BENIGNCERTAIN, leaked in August when a group calling themselves The Shadow Brokers put it online along with tens of other hacking utilities they claim to have stolen from the server of a cyber-espionage entity named the Equation Group, which some security vendors have said is the NSA.

Initial analysis by Mustafa Al-Bassam, aka tFlow, co-founder of the LulzSec hacking crew, showed how someone could use BENIGNCERTAIN to extract VPN keys from Cisco PIX firewalls.

Last week, a month after BENIGNCERTAIN was leaked, Cisco announced that the tool was also effective against current devices running IOS, IOS XE, and IOS XR software.

At the time of writing, there is still no patch available against BENIGNCERTAIN (or Pix Pocket) exploitation.

At the technical level, the exploit (CVE-2016-6415) employs a vulnerability in how the firmware of certain Cisco firewalls deals with IKEv1 and IKEv2 (Internet Key Exchange) packets.

The Shadowserver Foundation, with the help of Cisco engineers, has conducted a scan of the entire Internet for Cisco devices vulnerable to this exploit.

"We are querying all computers with routable IPv4 addresses that are not firewalled from the internet with a specifically crafted 64 byte ISAKMP packet and capturing the response," the company explained.

The scan is carried out at regular intervals, and according to the Shadowserver Foundation, on September 25, 2016, at 00:12 GMT, there were 850,803 vulnerable Cisco devices online.

Over 250,000 of these devices are found in the US, followed by the Russian Federation, the UK, Canada, and Germany.

The large number of devices, along with publicly available exploit code, makes them easy pickings for any threat actor that wants to compromise enterprise networks.

Cisco has previously advised network admins to protect affected equipment by placing it behind firewalls.

2016-09-25 17:30 Catalin Cimpanu news.softpedia.com

15 /18 Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements

Linux kernel 4.7.5 is here only ten days after the release of the previous maintenance version, namely Linux kernel 4.7.4, and it's a big update that changes a total of 213 files, with 1774 insertions and 971 deletions, which tells us that the kernel developers and hackers had a pretty busy week patching all sorts of bugs and security issues, as well as adding various much-needed improvements.

"I'm announcing the release of the 4.7.5 kernel. All users of the 4.7 kernel series must upgrade," says Greg Kroah-Hartman. "The updated 4.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.7.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary."

The appended shortlog and diff from the Linux 4.7.4 kernel shows us that Linux kernel 4.7.5 adds numerous improvements to the ARM, PowerPC (PPC), x86, SH, s390, PA-RISC, ARM64, OpenRISC, MIPS, MicroBlaze, M32R, ARC, Alpha, Blackfin, IA64, AVR32, CRIS, Hexagon, MetaG, MN10300, Nios II, SPARC, and FR-V hardware architectures, and updates the networking stack with various changes to things like IPv4, IPv6, IrDA, KCM, SCTP, SunRPC, Wireless, Bridge, Packet Scheduler, and TIPC.

Additionally, Linux kernel 4.7.5 updates many drivers, in particular those for ATA, IIO, InfiniBand, IOMMU, IRQ Chip, MD, MMC, Ethernet (Broadcom, Cavium, Mellanox, Cadence, SMSC), PINCTRL, Wireless, RapidIO, TTY, USB, and GPU devices, and improves the NFS, EXT4, and Btrfs filesystems. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.7 series, you are urged to update to version 4.7.5 as soon as possible. It's already available for users, and you can download the sources now.

2016-09-25 17:25 Marius Nestor news.softpedia.com

16 /18 Two in Five Sysadmins (Are Crazy) Store Admin Passwords in Word Files

This is the finding of a recent survey of 750 IT security engineers carried out by CyberArk, which has discovered, once again, weak security protocols deployed at companies across the world.

The survey has uncovered that 40 percent of organizations store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop, and 28 percent use a shared server or USB stick.

The problem is not where sysadmins store this data, or in what type of file, but whether encryption protects this information. A sysadmin could save passwords in a text file called all-my-admin-passwords.txt and place the file on his desktop, as long as the file is encrypted and easy access to the data is prevented.

Furthermore, malware, such as remote access trojans (RATs), is known to carry out mass scans of entire compromised computers, looking most often for Office files. Storing passwords in such a manner is downright insane and looking for trouble.

CyberArk's survey also reveals that 71 percent of respondents store privileged account information in dedicated security software. This means that many of these 750 sysadmins are using Word files as alternatives to more secure, dedicated solutions, probably because Word files are easier to carry around and access, defeating the purpose of deploying a dedicated privileged account security solution in the first place.

If that wasn't bad enough, 20 percent of respondents said their company also employs the super-advanced and super-tech practice of keeping passwords in a notebook or a filing cabinet.

This type of physical password storage procedure is what exposed the network of a Dutch mobile operator last year, as shown by security researcher Sijmen Ruwhof, who took a photo of a password written on a sticky note, attached to a clerk's screen.

Weak password practices often help facilitate intrusions into sensitive systems, and companies should upgrade their operations to counter today's modern threats.

2016-09-25 17:25 Catalin Cimpanu news.softpedia.com

17 /18 Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses

Based on the Beta version of the upcoming 4MLinux 20.0 operating system, today's Antivirus Live CD 20.0-0.99.2 release brings many updated components, as well as the latest virus signatures from the ClamAV (Clam AntiVirus) project. Version 0.99.2 of ClamAV is used in this updated version of Antivirus Live CD.

"Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses," says Zbigniew Konojacki in today's announcement. "The latest version 20.0-0.99.2 is based on 4MLinux 20.0 and ClamAV 0.99.2."

That's right, you can use Antivirus Live CD to protect your PC from viruses, if they are recognized by the ClamAV virus scanner, of course. Best of all, Antivirus Live CD works independently of the computer operating system you have installed right now, GNU/Linux or Microsoft Windows.

The new version, Antivirus Live CD 20.0-0.99.2, can be downloaded right now via our website, where you'll find two ISO images. The smallest one contains no virus signatures, and it should be fetched by those who can't download the bigger ISO image, which includes the latest virus signature database from the ClamAV project.

Antivirus Live CD 20.0-0.99.2 also includes various other useful command-line tools that will help you navigate the infected filesystems and remove the malware, such as the popular Midnight Commander file manager, as you can see from the screenshot attached below by the developer.

Midnight Commander running in Antivirus Live CD pic.twitter.com/tdhdmw4oWE

2016-09-25 17:10 Marius Nestor linux.softpedia.com

18 /18 How to pull workers back from the brink of burnout

In August, Marissa Mayer kicked up a dust bowl of criticism when she told Bloomberg Businessweek that Google’s early success had a lot to do with 130-hour work weeks. There was plenty of outrage — but none of it will do the average American knowledge worker a bit of good.

The 130-hour workweek backlash doesn’t move us toward more sane working lives for ourselves or for the teams we lead. Actually, it sets us back. “We’re not nearly that bad,” we can say, and congratulate ourselves because, in our organizations, we only work 12-hour days. Or we only work Sundays when it’s important or to “get ahead of the week.” Or we only work at night after the kids have gone to sleep.

After all, we have great benefits, we’re focused on work we like to do and, heck, it’s better than a minimum-wage job where we could get fired for taking a couple of emergency sick days. However, just because basic job protections for low-wage workers in the United States are continually under siege, and depressing, that doesn’t mean knowledge workers aren’t getting gamed, too. Too many professionals think they should feel “lucky,” “honored” and “chosen” as their work steals their time, health and well-being.

What’s the win in this game? A big payout from stock options after three years of indentured startup servitude? Multiple no-shows at important events with your family?

Pointing fingers at the most extreme examples of white-collar sweatshops will change nothing. Incremental “improvements” will change nothing. Reading lots of aspirational articles about perks and work flexibility to demonstrate “great culture” will change nothing.

Work/life balance in startup culture is total BS. And you are probably part of the problem. Until you say “enough” — and fight back, stand up and resist — you’re perpetuating a culture of burnout in which no one wins.

Unfortunately, simply working longer hours doesn’t lead to better work. As CNBC recently reported, a Stanford University study found that employee productivity falls off a cliff after 55 hours per week. After 20 years of working in Silicon Valley, I understand that this can be hard to accept. I didn’t accept it myself until recently, when, for the first time in my career, I took a position where I am not expected to be always-on. In fact, I’m encouraged to be off, and I’ve never been more productive. But I struggled with the shift. I pushed back hard. It took time for me to assimilate to this “new normal.”

Here’s an example. A few months ago, I needed a business forecast for an upcoming executive discussion. I asked a colleague for help. When it came to light that this person worked through the weekend to produce the forecast, my co-founders told me it’s never acceptable for someone to work through the weekend.

I was shocked.

It was a powerful moment, because I realized that mine was a self-imposed deadline. The business wasn’t going to rise or fall on that information being available that day. To the contrary, my previous back-of-the-envelope forecast was close enough for our discussion. I could have (and should have) made it clear that this work could have waited (but I didn’t).

Humane work schedules don’t have to be in conflict with business success, but they do force us to weed out the type of reactive work that chews through hours of the day. If you’re a knowledge worker, by definition you should think about your work — but it’s almost impossible to find time to think if you’re constantly reacting. You’ll want to carve out time to do the more important things (that may take longer) first before you run out of your more productive hours. Sadly, most of us work the opposite way.

We spend precious cycles on reactive work and then try to squeeze in the important work — or do it after hours. Interestingly, I first heard about a different way to work while at Yahoo. We were led through the concepts in Rockefeller Habits, which suggest putting big blocks of work into your schedule first, so they’ll get done. If you do that, you’ll be heads down for a good part of the day. You’ll get a lot of real work done, but you’ll have to put off reacting to everything that comes in to avoid working 18-hour days, seven days a week.

Now, if I don’t believe my own lower-priority tasks can wait, I can’t “model the way,” as Jim Kouzes and Barry Posner describe it in their popular “Five Practices of Exemplary Leadership” model. Leaders must set the example for their teams to follow. I’ve thought about why I used to believe my work couldn’t wait. I identified two reasons. First, my previous bosses behaved like their work couldn’t wait. That drove a false sense of urgency for me. Second, it felt good to think I was working on something urgent; it produced a rush of adrenaline.

I was part of the problem. Are you? Here’s a quick test to help you see if you are:

These are signs of a toxic culture of workaholism. We can do better.

In the nine months since I joined Basecamp as its chief operating officer, I’ve been learning to reimagine my work. It hasn’t been easy, and I’m not there yet, but here’s what I’ve learned so far:

Marissa Mayer told Bloomberg Businessweek, “[successful] companies just don’t happen. They happen because of really hard work.” She’s right. But as we’ve heard from experts countless times, hard work is not equal to nonstop work, all the time. That’s bad for employees and it’s bad for companies. But it won’t change until we change.

What can you change today? Start by shutting off the lights at 6 p.m. and going off to live your life.

2016-09-25 17:00 Mercedes De feedproxy.google.com
