An anonymous reader writes from a report issued by Softpedia on May 27: Microsoft and several other security researchers have detected the first ransomware versions that appears to have self-propagation features, being able to spread to other machines on its own by copying itself to shared network drives or portable storage devices automatically. Called ZCryptor, this ransomware seems to enjoy quite the attention from crooks, who are actively distributing today via Flash malvertising and boobytrapped Office files that infect the victim if he enables macro support when opening the file. This just seems to be the latest addition to the ransomware family, one which recently received the ability to launch DDoS attacks while locking the user's computer.

An anonymous reader quotes a report from Phys.Org: A trio of researchers has solved a single math problem by using a supercomputer to grind through over a trillion color combination possibilities, and in the process has generated the largest math proof ever -- the text of it is 200 terabytes in size. The math problem has been named the boolean Pythagorean Triples problem and was first proposed back in the 1980's by mathematician Ronald Graham. In looking at the Pythagorean formula: a^2 + b^2 = c^2, he asked, was it possible to label each a non-negative integer, either blue or red, such that no set of integers a, b and c were all the same color. To solve this problem the researchers applied the Cube-and-Conquer paradigm, which is a hybrid of the SAT method for hard problems. It uses both look-ahead techniques and CDCL solvers. They also did some of the math on their own ahead of giving it over to the computer, by using several techniques to pare down the number of choices the supercomputer would have to check, down to just one trillion (from 10^2,300). Still the 800 processor supercomputer ran for two days to crunch its way through to a solution. After all its work, and spitting out the huge data file, the computer proof showed that yes, it was possible to color the integers in multiple allowable ways -- but only up to 7,824 -- after that point, the answer became no. Is the proof really a proof if it does not answer why there is a cut-off point at 7,825, or even why the first stretch is possible? Does it really exist?

sproketboy shares this article about a computer graphic designer who spent two years building a real-world version of the classic videogame Pong, played on a full-sized coffee table using only mechanical parts. The project's team apparently used a hard drive platter for the real-world scroll wheels controlling the paddles, aided by some large Arduinos and other homemade electronics (along with rainbow LED lights to create the pixels for the score).

"We don't have any electronics, product design, or manufacturing background," Daniel Perdomo told one technology site. "All we knew for this was thanks to the Internet (Google, YouTube, forums). Today you can grab all the knowledge you want just a few clicks away!" He's now looking for a hardware incubator to transform his "Atari Pong Project" into a real consumer product. (Interestingly, another group of hobbyists built a similar electromechanical version of Pong back In 2004.)

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.

infernalC writes: Ars Technica is reporting that the verdict is in, and that the jury decided that Google's duplication of several Java interfaces is fair use. Ars Technica writes that Google's Android OS does not infringe upon Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The jury unanimously answered "yes" in response to whether or not Google's use of Java APIs was a "fair use" under copyright law. The trial is now over, since Google won. "Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use," Ars Technica writes. "It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense." The amount Oracle may have asked for in damages could have been as much as $9 billion.

theodp writes: Over at Quartz, Globaloria CEO Idit Harel argues that American schools are teaching our kids how to code all wrong. She writes, "The light and fluffy version of computer science -- which is proliferating as a superficial response to the increased need for coders in the workplace -- is a phenomenon I refer to as 'pop computing.' While calling all policy makers and education leaders to consider 'computer science education for all' is a good thing, the coding culture promoted by Code.org and its library of movie-branded coding apps provide quick experiences of drag-and-drop code entertainment. This accessible attraction can be catchy, it may not lead to harder projects that deepen understanding." You mean the "first President to write a line of computer code" may not have progressed much beyond moving Disney Princess Elsa forward? Harel says there must be a distinction drawn between "coding tutorials" and learning "computer science." Building an app, for example, can't be done in a couple of hours, it "requires multi-dimensional learning contexts, pathways and projects." "Just as would-be musicians become proficient by listening, improvising and composing, and not just by playing other people's compositions, so would-be programmers become proficient by designing prototypes and models that work for solving real problems, doing critical thinking and analysis, and creative collaboration -- none of which can be accomplished in one hour of coding," she writes.

An anonymous reader writes: CentOS team is pleased to announce the immediate availability of CentOS Linux 6.8 and install media for i386 and x86_64 Architectures. Release Notes for 6.8 are available here. Softpedia writes: "CentOS Linux 6.8 arrives today with major changes, among which we can mention the latest Linux 2.6.32 kernel release from upstream with support for storing up to 300TB of data on XFS filesystems. The VPN endpoint solution implemented in the NetworkManager network connection manager utility is now provided on the libreswan library instead of the Openswan IPsec implementation used in previous release of the OS, and it looks like the SSLv2 protocol has been disabled by default for the SSSD (System Security Services Daemon), which also comes with support for smart cards now." In addition, the new release comes with updated applications, including the LibreOffice 4.3.7 office suite and Squid 3.4 caching and forwarding web proxy, many of which are supporting the Transport Layer Security (TLS) 1.2 protocol, including Git, YUM, Postfix, OpenLDAP, stunnel, and vsftpd. The dmidecode open-source tool now supports SMBIOS 3.0.0, you can now pull kickstart files from HTTPS (Secure HTTP) sources, the NTDp (Network Time Protocol daemon) package has an alternative solution as chrony, SSLv3 has been disabled by default, and there's improved support for Hyper-V.

An anonymous reader writes from a report via CNBC: A new report reveals the U.S. Defense Department is still using 8-inch floppy disks in a computer system that coordinates the operational functions of the nation's nuclear forces. The Defense Department's 1970s-era IBM Series/1 Computer and long-outdated floppy disks handle functions related to intercontinental ballistic missiles, nuclear bombers and tanker support aircraft, according to the new Governmental Accountability Office report. The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to the America's nuclear umbrella. "Federal legacy IT systems are becoming increasingly obsolete: Many use outdated software languages and hardware parts that are unsupported," the report found. "Agencies reported using several systems that have components that are, in some cases, at least 50 years old." From the report: "GAO pointed out that aging systems include the Treasury Department's 'individual master file,' which is the authoritative data source for individual taxpayers. It's used to assess taxes and generates refunds. That file 'is written in assembly language code -- a low-level computer code that is difficult to write and maintain -- and operates on an IBM mainframe,' the report said." The report also mentioned that several other departments, such as the departments of Treasury, Commerce, Health and Human Services and the Veterans' Administration, "reported using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago."

An anonymous reader quotes a report from BGR: According to a new report from The Information, Apple is finally ready to let Siri grow up. Specifically, the publication relays that Apple will finally offer official Siri APIs to developers, thus paving the way for third-party integrations, the kind that Amazon Echo users can't seem to get enough of. Things like ordering an Uber or pizza are currently impossible, because Siri is locked down by Apple. What's more, Apple is also reportedly working on a standalone device meant to compete with the Amazon Echo and Google's recently unveiled Google Home. If that's true, it's huge news -- Apple has been lacking any kind of smart home hub until now, but a Siri-powered device would be a serious play to get Apple into our homes. Google is the latest tech giant to announce a virtual home assistant. It unveiled Google Home, a small round gadget with microphones and speakers that listen and respond to your questions and commands.

MojoKid writes from a report via Hot Hardware: ARM has been working closely with TSMC for years now. Over the last six years or so especially, ARM and TSMC have collaborated to ensure that TSMC's cutting-edge process technologies work well with ARM's processor IP. However recently, ARM just announced the successful tape-out of a test chip featuring next-generation, 64-Bit ARM v8-A mobile processor cores, codenamed Artemis, manufactured using TSMC's upcoming 10nm FinFET process technology. The test chip features what ARM calls an Artemis cluster. It's essentially a quad-core processor with power management IP, a single-shader Mali graphics core, AMBA AXI interconnect, and test ROMs connected to a second cluster by an asynchronous bridge that features the memory subsystem, which is stacked with a Cortex M core that handles control logic, some timers, SRAM, and external IO. Compared to 16nm FinFET+, at nominal voltage, the 10nm test chip offered a 12% performance improvement in a similar power envelope. In super-overdrive mode (Vsod), the Artemis test chip offered similar performance, but at 30% lower power.SoCs for premium mobile devices with next-generation cores produced on the 10nm process node are expected to arrive later in the second half of this year.

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.

An anonymous reader writes: Researchers at Kaspersky have discovered an improved version of Backdoor.Win32.Skimer infecting ATM machines worldwide. The new Skimer allows criminal access to card data, including PIN numbers, as well as to the actual cash located in the machine. The malicious installers use the packer Thermida to disguise the Skimer malware which is then installed on the ATM. If the ATM file system is FAT32, the malware drops the file netmgr.dll in the folder C:\Windows\System32. If the ATM has an NTFS file system, netmgr.dll is placed in the executable file of the NTFS data stream, which makes detection and analysis of the malware more difficult. Skimer may lie dormant for months until it is activated with the phsyical use of a "magic card," which gives access control to the malware, and then offers a list of options that are accessed by inputing a choice on the pin pad. The user can then request the ATM to: show installation details, dispense money, start collecting the details of inserted cards, print collected card details, self delete, enable debug mode, and update. Here's a video of the Skimer malware in action.

An anonymous reader writes from a report via Ars Technica: For the first time, Firefox has pulled ahead of Microsoft's Internet Explorer and Edge browsers. Mozilla's Firefox grabbed 15.6 percent of worldwide desktop browser usage in April, according to the latest numbers from Web analytics outfit StatCounter. Google Chrome continues to dominate two thirds of the market. StatCounter, which analyzed data from three million websites, found that Firefox's worldwide desktop browser usage last month was 0.1 percent ahead of the combined share of Internet Explorer and Edge at 15.5 percent. Firefox has reportedly been losing market share over the last three months, but Microsoft's Edge and Internet Explorer browsers appear to be declining faster. Last week, Mozilla launched Test Pilot, a program for trying out experimental Firefox features. They've also been fighting the FBI in court for details about a vulnerability in the Tor Browser hack, which may affect the company since the Tor browser is partially based on the Firefox browser code.

An anonymous reader writes: The Raspberry Pi Zero has received its first major hardware upgrade today: a camera connector. The new addition of a camera connector works well with the two new Sony imaging modules announced last month. The board will retain its $5 price, too. Eben Upton, Raspberry Pi founder, said in a blog post that "through dumb luck, the same fine-pitch FPC connector that we use on the Compute Module Development Kit just fits onto the right hand side of the board." The team was able to close the feature gap between the Zero and larger Pi boards by moving the surface components towards the left, and rotating the activity LEDs. The CSI connector on the Zero is 3.5mm smaller than the adapter on the Pi 3, so you will need to invest in a new cable if you've already invested in a camera module for an existing project.

prisoninmate quotes a report from Softpedia: It took the Debian developers many years to finally be able to ship a working version of ZFS for Linux on Debian GNU/Linux. For those not in the known, ZFS on Linux is the official OpenZFS implementation for Linux, which promises to offer native ZFS filesystem support for any Linux kernel-based operating system, currently supporting Arch Linux, Ubuntu, Fedora, Gentoo, Red Hat Enterprise Linux, CentOS, openSUSE, and now Debian. And it looks like their ZFS for Linux implementation borrows a lot of patches from Ubuntu, at least according to the changelog for zfs-linux 0.6.5.6-2, the version that is now available in the unstable channel for Debian users to install and test.

An anonymous reader quotes a report from Softpedia: In a Google Groups thread named "Intent to implement: HTML5 by Default," the Google developers announced initial plans to implement a new feature in the Chromium core that will disable the playback of Flash content by default, and use HTML5 instead, if available. The feature is scheduled to ship with Chromium builds in Q4 2016, according to the current timeline. To avoid "overprompting," a whitelist will allow ten major websites to continue to show Flash content by default without pestering users with "Allow domain.com to run Flash Player" prompts. The whitelist will be in effect one year only. The list includes the domains of YouTube, Facebook, Yahoo, VK, Live, Yandex, OK.ru, Twitch, Amazon, and Mail.ru, the biggest sites running Flash content today. Previews of the settings and prompts UI are also available.

An anonymous reader quotes a report from Mac Rumors: A large number of MacBook Pro owners running OS X El Capitan are reporting widespread system freezes since installing the 10.11.4 update to Apple's Mac OS. The problem appears to be concentrated on 13-inch Retina MacBook Pros (Early 2015) running 10.11.4. Users report that their system becomes totally unresponsive at seemingly random times, with no way to regain access to their Mac other than to force a hard reboot. The issue was initially reported by MacRumors forum member Antonnn on March 25, four days after Apple released what is the third update to the Mac OS. In Antonnn's case, the freezes have been occurring "about once a week," first when browsing in Safari, but then also during the use of other Mac apps, including Adobe Photoshop and several third-party browsers. The freeze seems to affect not only the screen and mouse cursor but also the Mac's Force Touch trackpad, which completely loses feedback. Apple Support is apparently aware of the issue but have so far offered no concrete solution. Meanwhile, some users have resorted to downgrading their system to 10.11.3 by restoring from a Time Machine backup or performing a clean install. Hundreds of others have posted to a dedicated thread discussing the issue. Bill Mattheis posted a video on YouTube of the freezing he has experienced on his MacBook Pro.

mask.of.sanity quotes a report from The Register: Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-Zip compression tool to stop attackers gaining full control of customer machines. Marcin Noga, Cisco security researcher, found and reported the holes to the platform, which could allow attackers to compromise updated machines, giving attackers the same access rights as logged-in users. FireEye and MalwareBytes are two of many products that use 7-Zip. "An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format files ... [which] can be triggered by any entry that contains a malformed Long Allocation Descriptor," Colleague of The Register Jaeson Schultz said. The flaws were fixed in 7-Zip 16.00, which was released Tuesday.

An anonymous reader writes: Opera Software has added a power-saving mode to its desktop web browser that "can increase the battery life by as much as 50 percent." The company claims optimizations are what has made the battery life increase possible, including "reducing activity from background tabs, adapting page-redrawing frequency, and tuning video-playback parameters." Opera claimed that a laptop running Windows 10 64-bit with the power-saving feature enabled lasts 49 percent longer than one with Chrome put under equal stress. Ad blocking was turned on during the test as well. The feature is not enabled by default, but a blue battery icon will appear next to the browser's address bar whenever the power cable is unplugged from your computer. When the laptop's battery is running low, the browser will suggest turning on power-saving mode, too. Earlier this week, Opera launched a new VPN app for iOS that is free to use and includes unlimited data.

An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.