ArsTechnica-OpenSource

Subscribe to ArsTechnica-OpenSource feed ArsTechnica-OpenSource
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 46 min 58 sec ago

Biggest amateur-built sub sinks—owner is suspected of killing passenger

Fri, 08/11/2017 - 6:00pm

Enlarge / The UV3 Nautilus in early sea trials in 2008. (credit: Frumperino)

Believe it or not, there's a crowdsourced, open source non-profit attempting to build a sea-launched suborbital rocket. Called Copenhagen Suborbitals, it even had access to a sub. A club associated with the venture completed a submarine in 2008, designed by Peter Madsen, a Danish inventor who is co-founder of the group. That submarine is now at the bottom of the sea, and Madsen is being held by Danish authorities on suspicion of "unlawful killing"—a precursor charge to manslaughter or murder.

The UV3 Nautilus was the third and largest submarine effort by the club, costing $200,000 to construct. It served as a workhorse for Copenhagen Suborbitals, helping push the group's Sputnik rocket launch platform into position on a number of occasions. Nautilus is—or was—powered by two diesel engines above the surface and by batteries underwater. While it could hold a crew of four underwater, all of its controls could be managed by a single person from its control room.

By 2011, the sub needed an overhaul. But the repairs required more than Copenhagen Suborbitals could afford to sink into the Nautilus. So in 2013, the group launched an Indiegogo campaign to get it back in the water. In a video, Madsen described the sub and the inspiration behind it.

Read 7 remaining paragraphs | Comments

Salesforce “red team” members present tool at Defcon, get fired

Thu, 08/10/2017 - 2:31pm

Enlarge / Meatpistol was supposed to be released at DEFCON. But Salesforce pulled the plug—and fired two security employees for presenting about it. (credit: DEFCON/Schwartz and Cramb)

At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.

Schwartz and Cramb were presenting the details of their tool, called Meatpistol. It's a "modular malware implant framework" similar in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of common exploits, and it is not intended for penetration testing. The tool was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code.

"Meatpistol is a framework for red teams to create better implants," and an "offensive infrastructure automation tool," Schwartz and Cramb explained in their presentation. It is intended to automate the grunt work of deploying new malware attacks for multiple types of targets. Rather than testing for common vulnerabilities as penetration testers often do, the internal red team Schwartz led until last month had the job of constantly probing and attacking Salesforce's systems. It even stole data like real adversaries, operating with nearly unrestricted rules of engagement internally.

Read 7 remaining paragraphs | Comments

Adobe ending Flash support at the end of 2020

Tue, 07/25/2017 - 1:00pm

Enlarge (credit: Aurich / Thinkstock)

Back in 2012, Adobe recognized that Flash's end was near, with a five- to 10-year timeframe for its eventual phasing out. Today, the company got specific: Flash will be supported through to the end of 2020, after which the Flash player will cease to be developed and distributed.

In the early days of the Web, Flash served an essential role, offering graphical and interactive capabilities that simply had no equivalent in plain HTML and JavaScript. Since then, a raft of technologies—canvas for 2D graphics, WebGL for 3D graphics, HTML5's video and audio tags, JavaScript interfaces for microphones and webcams, among others—have piece by piece eliminated the need for Flash. With, most recently, support for DRM-protected video being incorporated into HTML5, the need for Flash is largely eliminated.

As such, Adobe, together with Apple, Facebook, Google, Microsoft, and Mozilla, has planned to end-of-life the browser plugin. The plugin will be fully supported and maintained until the end of 2020, with browsers such as Chrome and Edge continuing to embed and patch the plugin. Adobe also says that in "certain [unspecified] geographies" it will move to end the support and use of the plugin more aggressively, due to widespread use of outdated versions of the software.

Read 2 remaining paragraphs | Comments

Over many objections, W3C approves DRM for HTML5

Mon, 07/10/2017 - 1:45pm

(credit: Bart Maguire)

A system for providing DRM protection to Web-based content is now an official recommendation from W3C.

In 2013, the World Wide Web Consortium (W3C), the industry body that oversees the development of Web standards, took the controversial decision to develop a system for integrating DRM into browsers. The Encrypted Media Extensions (EME) would offer a way for content producers to encrypt and protect audio and video content from within their plugin-free HTML-and-JavaScript applications.

EME is not itself a DRM system. Rather, it is a specification that allows JavaScript applications to interact with DRM modules to handle things like encryption keys and decrypting the protected data. Microsoft, Google, and Adobe all have DRM modules that comply with the spec.

Read 7 remaining paragraphs | Comments

According to statistics, programming with spaces instead of tabs makes you richer

Thu, 06/15/2017 - 12:06pm

Enlarge (credit: Kai Hendry)

Stop the world, I want to get off.

The annual Stack Overflow developer surveys often include lots of bad news. "People still use PHP," for example, is a recurring and distressing theme. "Perl exists" is another.

But never before has the survey revealed something as devastatingly terrible as the 2017 survey. Using PHP and Perl are matters of taste. Extremely masochistic taste, certainly, but nobody is wrong for using those languages; it's just the programming equivalent of enjoying Adam Sandler movies. But the 2017 survey goes beyond taste; it goes into deep philosophical questions of right and wrong, and it turns out that being wrong pays more than being right.

Read 5 remaining paragraphs | Comments

Windows switch to Git almost complete: 8,500 commits and 1,760 builds each day

Wed, 05/24/2017 - 12:27pm

Enlarge (credit: Git)

Back in February, Microsoft made the surprising announcement that the Windows development team was going to move to using the open source Git version control system for Windows development. A little over three months after that first revelation, and about 90 percent of the Windows engineering team has made the switch.

The switch to Git has been driven by a couple of things. In 2013, the company embarked on its OneCore project, unifying its different strands of Windows development and making the operating system a more cleanly modularized, layered platform. At the time, Microsoft was using SourceDepot, a customized version of the commercial Perforce version control system, for all its major projects.

SourceDepot couldn't handle a project the size of Windows, so rather than having the whole operating system in a single repository, the Windows code was actually divided among 65 different repositories, with a kind of virtualization layer on top to produce a unified view of all the code. Some of these 65 repos contained nicely isolated, standalone components; others took vertical or horizontal slices through the operating system; others were just grab bags of different code. As such, the repo structure didn't correspond with OneCore's module boundaries.

Read 16 remaining paragraphs | Comments

Microsoft’s renewed embrace of developers, developers, developers, developers

Fri, 05/19/2017 - 10:15am

Microsoft's love for developers is well-known and has been enthusiastically expressed over the years. Windows' strength as a development platform—the abundance of custom, line-of-business applications, games, Office integrations—has given the company an entrenched position in the corporate world, ubiquity in Western homes, and extensive reach into the server room.

In the past, Microsoft's focus on developers had a certain myopic quality. One manifestation of this that was close to my heart was the development of the company's C and C++ compiler—or perhaps I should say, non-development. Microsoft's compiler did not support the C99 standard (and still does not today, though it's better than it used to be), and for a dark period through the 2000s, it made only half-hearted attempts to support the full C++98 and C++03 standards. The failure to support these standards meant that many open source software libraries were becoming difficult or impossible to compile with Microsoft's own compiler, making Windows at best a second-class citizen.

I asked Microsoft about this many times, wondering why the company didn't appear to care that it was making Windows irrelevant to these groups. The response was always unsatisfactory: the existing body of Windows developers wasn't demanding these features, and hence they were unimportant. Never mind that there was a wider community of developers out there that Microsoft was making unwelcome on its platform.

Read 27 remaining paragraphs | Comments

Mozilla and Thunderbird are continuing together, with conditions

Wed, 05/10/2017 - 11:43am

Enlarge (credit: Mozilla)

The Thunderbird e-mail client still has its supporters, but for the past couple of years, Mozilla has been making moves to distance itself from the project. In late 2015, Mozilla announced that it would be looking for a new home for Thunderbird, calling its continued maintenance "a tax" on Firefox development.

Yesterday, Mozilla Senior Add-ons Technical Editor Philipp Kewisch announced Mozilla's future plans for Thunderbird—the Mozilla Foundation will "continue as Thunderbird’s legal, fiscal, and cultural home," but on the condition that the Thunderbird Council maintains a good working relationship with Mozilla leadership and that Thunderbird works to reduce its "operational and technical" reliance on Mozilla.

As a first step toward operational independence, the Thunderbird Council has been soliciting donations from users, which Kewisch says has become "a strong revenue stream" that is helping to pay for servers and staff.

Read 3 remaining paragraphs | Comments