New SystemD Vulnerability Discovered (Slashdot, by EditorDavid, opensource; cached at October 27, 2018, 11:05 pm)

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received." OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default. Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.

Read more of this story at Slashdot.

Leaders of Turkey, Syria, France and Germany hold Syria talks (Al Jazeera English (AJE); cached at October 27, 2018, 11:00 pm)

Istanbul summit addresses numerous issues, including Idlib demilitarised zone, constitutional reform and refugees.

Twelve Malicious Python Libraries Found and Removed From PyPI (Slashdot, by EditorDavid, python; cached at October 27, 2018, 10:05 pm)

An anonymous reader writes: A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages used typo-squatting in the hopes a user would install them by accident or carelessness when doing a "pip install" operation for a mistyped more popular package, like Django (ex: diango). Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named "colourama," was financially motivated and hijacked an infected user's operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user. 54 users downloaded that package -- although all 12 malicious packages have since been taken down. Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga.


NASA Revives Hubble Space Telescope After Three-Week Mechanical Failure (Slashdot, by EditorDavid, space; cached at October 27, 2018, 9:05 pm)

"NASA's Hubble Space Telescope returned to normal operations late Friday, Oct. 26, and completed its first science observations on Saturday, Oct. 27 at 2:10 AM EDT," NASA reports. The observations were of the distant, star-forming galaxy DSF2237B-1-IR and were taken in infrared wavelengths with the Wide Field Camera 3 instrument. The return to conducting science comes after successfully recovering a backup gyroscope, or gyro, that had replaced a failed gyro three weeks earlier. A gyro is a device that measures the speed at which the spacecraft is turning, which is necessary to help Hubble turn and lock on to new targets. One of Hubble's gyros failed on Oct. 5, and the spacecraft's operations team activated a backup gyro the next day. However, the backup incorrectly returned rotation rates that were far in excess of the actual rates. Last week the operations team commanded Hubble to perform numerous maneuvers, or turns, and switched the gyro between different operational modes, which successfully cleared what was believed to be blockage between components inside the gyro that produced the excessively high rate values. Next, the team monitored and tested the gyro with additional maneuvers to make sure that the gyro was stable. The team then installed additional safeguards on the spacecraft in case the excessive rate values return, although this is not anticipated... Hubble is now back in its normal science operations mode with three fully functional gyros. Originally required to last 15 years, Hubble has now been at the forefront of scientific discovery for more than 28 years. The team expects the telescope will continue to yield amazing discoveries well into the next decade, enabling it to work alongside the James Webb Space Telescope.


Religious minorities persecuted in Afghanistan amid war (Al Jazeera English (AJE); cached at October 27, 2018, 9:00 pm)

Many belonging to religious minorities are leaving the country but not everyone can afford it.

Brazil: Far-right candidate Jair Bolsonaro poised for victory (Al Jazeera English (AJE); cached at October 27, 2018, 9:00 pm)

Bolsonaro's rise has come amid a backdrop of economic and political turmoil, corruption scandals and rising violence.

Netanyahu visits Oman, says opposing Iran unites Gulf and Israel (Al Jazeera English (AJE); cached at October 27, 2018, 9:00 pm)

The Israeli prime minister visited Oman just three days after Palestinian President Mahmoud Abbas in a move expected to increase pressure on Palestine to participate in US-led peace negotiations.

UN says Damascus is blocking efforts to end civil war (Al Jazeera English (AJE); cached at October 27, 2018, 9:00 pm)

The outgoing UN envoy to Syria is hopeful that high-level meetings will lead to a solution, but is facing resistance from Syria's government about who will attend the meetings.

Kansas 'Swat' Perpetrator Will Now Plead Guilty To Dozens More Swat Incidents (Slashdot, by EditorDavid, crime; cached at October 27, 2018, 8:05 pm)

An anonymous reader quotes NBC News: The California man behind a years-long string of hoax 911 calls -- including one that ended in a Kansas man's death -- wants to plead guilty to all charges, court documents revealed. Tyler Raj Barriss, 25, intends to waive his right to trial and admit guilt to a 46-count federal indictment, according to a document he signed on Oct. 18 and was filed in U.S. District Court on Wednesday. Barriss faces up to life behind bars for his dozens of acts of "swatting" -- calling police to falsely report a serious crime, in hopes of drawing a massive response to the home of an unsuspecting target.... According to the court records, Barriss will admit to dozens of "swatting" incidents all over America between 2015 and the end of 2017. The false alarms connected to Barriss happened in Ohio, Nevada, Illinois, Indiana, Virginia, Texas, Arizona, Massachusetts, Missouri, Maine, Pennsylvania, New Mexico, Indiana, Michigan, Florida, Connecticut and New York. Barriss performed SWATs if clients sent him $10 over PayPal -- occasionally demanding "upwards of $50," according to a new (possibly pay-walled) article on Wired. A Call of Duty player hired Barriss to SWAT a teammate who'd caused them to lose a $1.50 wager, but his intended target supplied a false address across town which resulted in the fatal police shooting. Both gamers are now "awaiting trial on lesser charges," reports NBC.


Authors of Controversial 'Seattle Minimum Wage' Study Revise Their Conclusions (Slashdot, by EditorDavid, business; cached at October 27, 2018, 7:05 pm)

Seattle's increase in the minimum wage "brought benefits to many workers employed at the time, while leaving few employed workers worse off," reports the New York Times -- citing a new study by the same researchers who'd claimed last year that workers were hurt by the wage increase. "The dire warnings about minimum-wage increases keep proving to be wrong," argues a Bloomberg columnist, in an article shared by gollum123: The authors behind an earlier study predicting a negative impact have all but recanted their initial conclusions. However, the authors still seem perplexed about why they went awry in the first place.... The increase was an "economic death wish" that was going to tank the expansion and kill jobs, according to the sages at conservative think tanks... Despite their dire forecasts, not only were new restaurants not closing, they were in fact opening; employment in food services and drinking establishments has soared... As we noted in 2017, the study's fatal flaw was that its analysis excluded large multistate businesses with more than one location. When thinking about the impact of raising minimum wages, one can't simply omit most of the biggest minimum-wage employers in the region, such as McDonald's and other fast-food chains, or Wal-Mart and other major retailers... There were two other glaring defects in the first study that are worth mentioning. The first is that its findings contradicted the vast majority of research on minimum wages. As was demonstrated back in 1994 by economists Alan Krueger and David Card, modest, gradual wage increases have not been shown to reduce employment or hours worked in any significant way. Ignoring that body of research without a very good reason made the initial University of Washington study questionable at best.
Second, there potentially is a problem with having a lead researcher -- economist Jacob Vigdor, whose affiliations among others include the right-leaning Manhattan Institute -- whose impartiality is open to question. Long-time Slashdot reader Martin S. writes that "When the UK introduced the minimum wage we had the same doom and gloom scenarios," adding that "the reality was very different." He argues that increasing the minimum wage "increased productivity so business did not suffer, reduced government spending on benefits, and increased the velocity of money improving the overall economy," and that "it had no measurable effect on unemployment."


Greece builds pipeline to transport natural gas from Caspian Sea (Al Jazeera English (AJE); cached at October 27, 2018, 7:00 pm)

The five billion-dollar project is part of a European Union policy to move away from dependence on Russian gas after the Ukraine crisis in 2009 that saw Russian gas flows to Europe restricted.

Honduran caravan pushes forward after Mexican police standoff (Al Jazeera English (AJE); cached at October 27, 2018, 7:00 pm)

Thousands of migrants and refugees move ahead after a police roadblock in southern Mexico brought the journey to a standstill.

Suspect in custody after 'deadly' Pittsburgh synagogue shooting (Al Jazeera English (AJE); cached at October 27, 2018, 7:00 pm)

Multiple casualties reported and at least three police officers shot in the Squirrel Hill area of the city.

Canonical Releases Statistics Showing Adoption of Snap Packages (Slashdot, by EditorDavid, ubuntu; cached at October 27, 2018, 6:05 pm)

Canonical is applauding what it calls "exceptional adoption" of snaps -- and has shared some new statistics about its whole "Snappy" software deployment and package management system. Long-time Slashdot reader AmiMoJo shared this article from Neowin: snaps are seeing 100,000 installs every day on cloud, server, container, desktop and on IoT devices, which works out to around three million installs each month. Of course, these statistics don't only take into account snap installs on Ubuntu, but other distributions too. Canonical said that snaps are supported on 41 Linux distributions including Ubuntu, Debian, Linux Mint, Arch Linux, Fedora, and many more... Snap packages first launched alongside Ubuntu 16.04 which was released in 2016. They have several benefits over typical Linux packages, for example, their dependencies are bundled into the package making them easy to install, they get automatic updates and can be rolled back by the maintainer if issues arise, and they're sandboxed, giving the user more security.


[no title] (Scripting News; cached at October 27, 2018, 6:03 pm)

The InfoWorld review of my first product, ThinkTank, in 1983. It was a really good day when this review came out. An ancestor of MORE, Frontier, Trello and all the outliners. Godchild of Doug Engelbart and Ted Nelson.