Nerval's Lobster writes "The state of Oregon blames Oracle for the failures of its online health exchange. The health-insurance site still doesn't fully work as intended, with many customers forced to download and fill out paper applications rather than sign up online; Oracle has reportedly informed the state that it will sort out the bulk of technical issues by December 16, a day after those paper applications are due. 'It is the most maddening and frustrating position to be in, absolutely,' Liz Baxter, chairwoman of the board for the online exchange, told NPR. 'We have spent a lot of money to get something done—to get it done well—to serve the people in our state, and it is maddening that we can't seem to get over this last hump.' Oregon state officials insist that, despite payments of $43 million, Oracle missed multiple deadlines in the months leading up to the health exchange's bungled launch."
CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy-handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight into a pool of high value targets."
wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
New submitter johnslater writes "The Chicago Transit Authority's new 'Ventra' stored-value fare card system has another big problem. It had a difficult birth, with troubles earlier this fall when legitimate cards failed to allow passage, or sometimes double-billed the holders. Last week a server failure disabled a large portion of the system at rush hour. Now it is reported that some federal government employee ID cards allow free rides on the system. The system is being implemented by Cubic Transportation Systems for the bargain price of $454 million."
cartechboy writes "The Tesla Model S, for all its technical and design wizardry, has a dirty little secret: It's a vampire. The car has an odd and substantial appetite for kilowatt-hours even when turned off and parked. This phenomenon has been dubbed the 'vampire' draw, and Tesla promised long ago to fix this issue with a software update. Well, a few software updates have come and gone since then, and the Model S is still a vampire sucking down energy when it's shut down. While this is a concern for many Model S owners and would-be owners, the larger question becomes: After nine months, and multiple software updates, why can't Tesla fix this known issue? Tesla has recognized the issue and said a fix would come, yet the latest fix is only a tiny improvement — and the problem remains unsolved. Is Tesla stumped? Can the issue be fixed?"
linuxwrangler writes "San Francisco Bay Area commuters awoke this morning to the news that BART, the major regional transit system which carries hundreds of thousands of daily riders, was entirely shut down due to a computer failure. Commuters stood stranded at stations and traffic backed up as residents took to the roads. The system has returned to service and BART says the outage resulted from a botched software upgrade."
sfcrazy writes "Fans of the MATE desktop environment, which is a fork of Gnome 2, will be happy to know that MATE is scheduled to be included in the official Debian repositories. Early 2012, it was requested that MATE be included in said repositories, and almost 2 years later, it appears we're almost there."
An anonymous reader writes "Google has extended its proactive Patch Reward Program to include even more open-source software. Among them is the Android Open Source Project, which the company previously did not reveal was going to be added. Last month, Google started providing financial incentives (between $500 and $3,133.70) for proactive improvements to OSS that go beyond merely fixing a known security bug. Google said at the time it would be rolling out the program gradually, and hinted that more project types would be on the way."
An anonymous reader writes "Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements." You'd think something like Silverlight would automatically upgrade itself.
jones_supa writes "A classic game console freezing problem seems to affect the newest generation too. It has been found out that a bunch of Sony PlayStation 4s suffer from a problem which has been christened 'Blue Light of Death'. When a PS4 is turned on with a press of the power button, the light that runs along the side of the console should first pulse blue and then switch to white. At this point the console turns on the picture signal to the display device. Those who have a unit with the glitch are instead finding that their PS4 pulses blue, never goes to white and never outputs an image. We do not have accurate statistics of how widespread the issue is, but reports are popping up in Amazon reviews, Twitter, YouTube and other websites. PlayStation support is still in the midst of investigating the issue, but has already posted a bunch of magic tricks you can try to get the console past the initial startup stage."
sfcrazy writes "In a surprising and unexpected move, Google and its partners have removed the recently launched HP Chromebook 11 from shelves. Users were complaining about the issues with the trackpad and performance of the laptop." Specifically (as also reported by the Seattle Post-Intelligencer), some of the laptops have been reported to overheat.
A few days ago, the operator of Fix Ubuntu received a threatening letter from Canonical commanding him to cease using the Ubuntu name or logo. Last night, Mark Shuttleworth posted an update noting that it shouldn't have happened, and also apologizing for calling opponents of Mir the open source tea party. "In order to make the amount of [trademark related] correspondence manageable, we have a range of standard templates for correspondence. They range from the 'we see you, what you are doing is fine, here is a license to use the name and logo which you need to have, no need for further correspondence,' through 'please make sure you state you are speaking for yourself and not on behalf of the company or the product,' to the 'please do not use the logo without permission, which we are not granting unless you actually certify those machines,' and 'please do not use Ubuntu in that domain to pretend you are part of the project when you are not.' Last week, the less-than-a-month-at-Canonical new guy sent out the toughest template letter to the folks behind a “sucks” site. Now, that was not a decision based on policy or guidance; as I said, Canonical’s trademark policy is unusually generous relative to corporate norms in explicitly allowing for this sort of usage. It was a mistake, and there is no question that the various people in the line of responsibility know and agree that it was a mistake. It was no different, however, than a bug in a line of code, which I think most developers would agree happens to the best of us. It just happened to be, in that analogy, a zero-day remote root bug. ... On another, more personal note, I made a mistake myself when I used the label “open source tea party” to refer to the vocal non-technical critics of work that Canonical does. That was unnecessary and quite possibly equally offensive to members of the real Tea Party (hi there!) and the people with vocal non-technical criticism of work that Canonical does (hello there!)."
Nerval's Lobster writes "A government official who helped oversee the bug-riddled Healthcare.gov Website has resigned his post. Tony Trenkle, Chief Information Officer (CIO) for Medicare and Medicaid Services, which oversees Healthcare.gov, will reportedly join the private sector after he departs on November 15. A spokesperson for the Medicare agency refused to say whether he had been forced out, telling reporters: 'Tony made a decision that he was going to move to the private sector and that is what our COO announced yesterday.' Because of his supervisory role, Trenkle is considered a significant player in the Website's development; The New York Times indicated that he was one of two federal officials who signed an internal memo suggesting that security protocols for the Website weren't in place as recently as late September, a few days before Healthcare.gov's launch. Following Trenkle's resignation, Health and Human Services secretary Kathleen Sebelius admitted to the Senate Finance Committee that Healthcare.gov would require hundreds of fixes. 'We're not where we need to be,' she said. 'It's a pretty aggressive schedule to get to the entire punch list by the end of November.' Sebelius added that she was ultimately accountable for what she termed the 'excruciatingly awful' rollout. Healthcare.gov has experienced massive problems since its Oct. 1 debut. In addition to repeated crashes and slow performance, the Website's software often prevents people from setting up accounts. President Obama has expressed intense frustration with the situation, but insists the Affordable Care Act (ACA) backing the Website remains strong. 'The essence of the law, the health insurance that's available to people is working just fine,' he told reporters in October. 'The problem has been that the website that's supposed to make it easy to apply for insurance hasn't been working.'
While the federal government won't release 'official' enrollment numbers until the end of November, it's clear that the Website's backers are losing the battle of public perception."
An anonymous reader writes "Microsoft and Facebook today jointly launched a new initiative called the Internet Bug Bounty program. In short, the two companies are looking to secure the Internet stack by rewarding anyone and everyone who hacks it, and responsibly discloses vulnerabilities they find. The minimum bounty for hacking any component of the Internet is $5,000."
wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code. The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."
mikejuk writes "Bribe.io announces itself as: 'A super easy way to bribe developers to fix bugs and add features in the software you're using.' Recognizing the fact that a lot of open source projects are maintained by developers working alone and in their spare time, the idea is to encourage other developers to by specifying a monetary value to a bug report or feature enhancement. Once an initial 'Bribe' has been posted others can 'chip in' and add to the financial incentive."
rtoz writes "For handling the future unreliable chips, a research group at MIT's Computer Science and Artificial Intelligence Laboratory has developed a new programming framework that enables software developers to specify when errors may be tolerable. The system then calculates the probability that the software will perform as it's intended. As transistors get smaller, they also become less reliable. This reliability won't be a major issue in some cases. For example, if a few pixels in each frame of a high-definition video are improperly decoded, viewers probably won't notice — but relaxing the requirement of perfect decoding could yield gains in speed or energy efficiency."
An anonymous reader writes "Linus Torvalds announced the Linux 3.12 kernel release with a large number of improvements through many subsystems including new EXT4 file-system features, AMD Berlin APU support, a major CPUfreq governor improvement yielding impressive performance boosts for certain hardware/workloads, new drivers, and continued bug-fixing. Linus also took the opportunity to share possible plans for Linux 4.0. He's thinking of tagging Linux 4.0 following the Linux 3.19 release in about one year and is also considering the idea of Linux 4.0 being a release cycle with nothing but bug-fixes. Does Linux really need an entire two-month release cycle with nothing but bug-fixing? It's still to be decided by the kernel developers."
MojoKid writes "Microsoft has several valid reasons why you should upgrade to Windows 8.1, which is free if you already own Windows 8. However, there's a known issue that might give some gamers pause before clicking through in the Windows Store. There have been complaints of mouse problems after applying the Windows 8.1 update, most of which have been related to lag in video games, though Microsoft confirmed there are other potential quirks. Acknowledging the problem, Microsoft says it's also actively investigating the issues and working on a patch."
codeusirae writes "RAF pilots were left 'blinded' by a barrage of images while flying at speeds of over 1,000 mph when a number of technical glitches hit their high-tech helmets. The visors were supposed to provide the fighter pilots with complete vision and awareness, but problems with the display produced a blurring known as 'green-glow,' meaning they were unable to see clearly. The green glow occurred when a mass of information was displayed on the helmet-mounted display systems, including radar pictures and images from cameras mounted around the aircraft."