Hundreds of Southwest Flights Delayed By Online Booking Problems 35

An anonymous reader writes: A technology problem delayed hundreds of Southwest Airlines flights Sunday while the airline checked-in passengers manually at airports. Around 300 flights had been delayed as of Sunday afternoon. In a statement on its website, Southwest said intermittent technical issues "are impacting website performance in creating new bookings and requiring us to process some customers manually as they arrive for travel."

Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others ( 33

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

Ask Slashdot: Selecting a Version Control System For an Inexperienced Team 319

An anonymous reader writes: I have been programming in Python for quite a while, but so far I have not used a version control system. For a new project, a lot more people (10-15) are expected to contribute to the code base, many of them have never written a single line of Python but C, LabVIEW or Java instead. This is a company decision that can be seen as a Python vs. LabVIEW comparison — if successful the company is willing to migrate all code to Python. The code will be mostly geared towards data acquisition and data analysis leading to reports. At the moment I have the feeling, that managing that data (=measurements + reports) might be done within the version control system since this would generate an audit trail on the fly. So far I have been trying to select a version control system, based on google I guess it should be git or mercurial. I get the feeling, that they are quite similar for basic things. I expect, that the differences will show up when more sophisticated topics/problems are addressed — so to pick one I would have to learn both — what are your suggestions? Read below for more specifics.
Open Source

Linux Foundation: Security Problems Threaten 'Golden Age' of Open Source ( 74

Mickeycaskill writes: Jim Zemlin, executive director of the Linux Foundation, has outlined the organization's plans to improve open source security. He says failing to do so could threaten a "golden age" which has created billion dollar companies and seen Microsoft, Apple, and others embrace open technologies. Not long ago, the organization launched the Core Infrastructure Initiative (CII), a body backed by 20 major IT firms, and is investing millions of dollars in grants, tools, and other support for open source projects that have been underfunded. This was never move obvious than following the discovery of the Heartbleed Open SSL bug last year. "Almost the entirety of the internet is entirely reliant on open source software," Zemlin said. "We've reached a golden age of open source. Virtually every technology and product and service is created using open source. Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and Integrity of the internet."
United States

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research ( 9

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.

The Mutant Genes Behind the Black Death 132

An anonymous reader writes: Each year, 4 million people visit Yosemite National Park in California. Most bring back photos, postcards and an occasional sunburn. But two unlucky visitors this summer got a very different souvenir. They got the plague. This quintessential medieval disease, caused by the bacterium Yersinia pestis and transmitted most often by fleabites, still surfaces in a handful of cases each year in the western United States, according to the Centers for Disease Control and Prevention. Its historical record is far more macabre. The plague of Justinian from 541 to 543 decimated nearly half the population in the Mediterranean, while the Black Death of the Middle Ages killed one in every three Europeans.

Now researchers are beginning to reveal a surprising genetic history of the plague. A rash of discoveries show how just a small handful of genetic changes — an altered protein here, a mutated gene there — can transform a relatively innocuous stomach bug into a pandemic capable of killing off a large fraction of a continent.

The most recent of these studies, published in June, found that the acquisition of a single gene named pla gave Y. pestis the ability to cause pneumonia, causing a form of plague so lethal that it kills essentially all of those infected who don't receive antibiotics. In addition, it is also among the most infectious bacteria known. "Yersinia pestis is a pretty kick-ass pathogen," said Paul Keim, a microbiologist at Northern Arizona University in Flagstaff. "A single bacterium can cause disease in mice. It's hard to get much more virulent than that."

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 149

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.
The Military

F-35 Ejection Seat Fears Ground Lightweight Pilots 179

An anonymous reader writes: Writing for Defense News, Lara Seligman and Aaron Mehta report that "[c]oncerns about increased risk of injury to F-35 pilots during low-speed ejections have prompted the US military services to temporarily restrict pilots who weigh less than 136 pounds from flying the aircraft. During August tests of the ejection seat, built by Martin-Baker, testers discovered an increased risk of neck injury when a lightweight pilot is flying at slower speeds. Until the problem is fixed, the services decided to restrict pilots weighing under 136 pounds from operating the plane, Maj. Gen. Jeffrey Harrigian, F-35 integration office director, told Defense News in a Tuesday interview."

Some Apple iPhone 6s and 6s Plus Smartphones Mysteriously Powering Down 59

MojoKid writes: Apple's iPhone 6s and 6s Plus were two of the most highly anticipated smartphones to launch so far this year. The excitement surrounding Apple's new refresh cycle flagships was so great that Apple reported record first weekend sales, with 13 million devices finding their way to customers. However, it appears that some of those customers are having a puzzling issue with their brand new iPhones. Owners are reporting that their phones are turning off randomly when left alone — even when the smartphones have sufficient battery remaining. "New Phone 6s 128GB turned off for no reason the last two nights," wrote Joachim Frey in an Apple discussion thread. "In the morning you then have to push the power-on button for a long time to get it started."

Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones 144

An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. Bugs break ASLR and lead to denial of service (DoS) state or even elevating attacker privileges.

Office 2016 Proving Unstable With Apple's El Capitan 138

An anonymous reader writes: Users of Microsoft Office on the Mac are reporting widespread instabilities and conflicts after upgrading to the latest version of the Apple desktop operating system, El Capitan. The first indications that El Capitan and Office 2016 were not working well together came in a now epic thread at Microsoft Community. Many users have surmised that new restrictions in file permissions in El Capitan caused the problems initially, though nearly all agree that Office's Outlook email client is the critical point of failure in the current round of application crashes and loss of functionality.

$50 Fire Tablet With High-capacity SDXC Slot Doesn't See E-books On the SD Card 145

Robotech_Master writes: For all that the $50 Fire tablet has a 128 GB capable SDXC card slot that outclasses every other tablet in its price range, and it evolved out of Amazon's flagship e-book reader, it strangely lacks the ability to index e-books on that card. This seems like a strange oversight, given that every other media app on the tablet uses that card for downloading and storage, and its 5 GB usable internal memory isn't a lot for people who have a large library of picture-heavy e-books—especially if they want to install other apps, too.

500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug 129

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

Newly Found TrueCrypt Flaw Allows Full System Compromise 106

itwbennett writes: James Forshaw, a member of Google's Project Zero team has found a pair of flaws in the discontinued encryption utility TrueCrypt that could allow attackers to obtain elevated privileges on a system if they have access to a limited user account. 'It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered,' writes Lucian Constantin.

Doctors On Edge As Healthcare Gears Up For 70,000 Ways To Classify Ailments 232 writes: Melinda Beck reports in the WSJ that doctors, hospitals and insurers are bracing for possible disruptions on October 1 when the U.S. health-care system switches to ICD-10, a massive new set of codes for describing illnesses and injuries that expands the way ailments are described from 14,000 to 70,000. Hospitals and physician practices have spent billions of dollars on training programs, boot camps, apps, flashcards and practice drills to prepare for the conversion, which has been postponed three times since the original date in 2011. With the move to ICD-10, the one code for suturing an artery will become 195 codes, designating every single artery, among other variables, according to OptumInsight, a unit of UnitedHealth Group Inc. A single code for a badly healed fracture could now translate to 2,595 different codes, the firm calculates. Each signals information including what bone was broken, as well as which side of the body it was on.

Propoenents says ICD-10 will help researchers better identify public-health problems, manage diseases and evaluate outcomes, and over time, will create a much more detailed body of data about patients' health—conveying a wealth of information in a single seven-digit code—and pave the way for changes in reimbursement as the nation moves toward value-based payment plans. "A clinician whose practice is filled with diabetic patients with multiple complications ought to get paid more for keeping them healthy than a clinician treating mostly cheerleaders," says Dr. Rogers. "ICD-10 will give us the precision to do that." As the changeover deadline approaches some fear a replay of the Affordable Care Act rollout debacle in 2013 that choked computer networks, delaying bills and claims for several months. Others recollect the end-of-century anxiety of Y2K, the Year 2000 computer bug that failed to materialize. "We're all hoping for the best and expecting the worst," says Sharon Ahearn. "I have built up what I call my war chest. That's to make sure we have enough working capital to see us through six to eight weeks of slow claims."

Chrome For Android's Incognito Mode Saves Some of the Sites You Visit 69

An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."

Apple Admits iCloud Problem Has Killed iOS 9 'App Slicing' 143

Mark Wilson writes: One of the key features of iOS 9 — and one of the reasons 16GB iPhones were not killed — is app slicing. This innocuous-sounding feature reduces the amount of space apps take up on iPhones and iPads... or at least it does when it is working. At the moment Apple has a problem with iCloud which is preventing app slicing from working correctly. The feature works by only downloading the components of an app that are needed to perform specific tasks on a particular device, but at the moment regular, universal apps are delivered by default.

Mozilla Fixed a 14-Year-Old Bug In Firefox, Now Adblock Plus Uses Less Memory 410

An anonymous reader writes: Mozilla launched Firefox 41 yesterday. Today, Adblock Plus confirmed the update "massively improves" the memory usage of its Firefox add-on. This particular memory issue was brought up in May 2014 by Mozilla and by Adblock Plus. But one of the bugs that contributed to the problem was actually first reported on Bugzilla in April 2001 (bug 77999).

Apple's iOS 9 Breaks VPNs 88

An anonymous reader writes with a report from The Stack that researchers have discovered a crucial security problem in the latest version of iOS 9: it breaks VPN connections to corporate servers. According to the linked piece, "The flaw was first detected in the iOS 9 beta, and has not been fixed in the released version. Neither has the bug been removed in the current iOS 9.1 beta." The workaround might not be what you want to hear, either, if you've happily upgraded to the latest version: it's to downgrade to iOS 8.4.1.

Crash Chrome With 16 Characters 205

An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).