An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

An anonymous reader writes: With this month's Raspbian OS update, the Debian-based operating system for the Raspberry Pi ships experimental OpenGL driver support. This driver has been developed over the past two years by a former Intel developer with having a completely open and mainline DRM kernel driver and Mesa Gallium driver to open up the Pi as a replacement to the proprietary GPU driver.

AmiMoJo writes: Japanese broadcasters have indicated that 4k and 8k broadcasts may have recording disabled via a 'do not copy' flag [via Google Translate], which receivers would be expected to obey. Now the Internet Users Association (MIAU) and Shufuren (Housewives Federation) have submitted documentation opposing the ban. The document points out that the ban will only inconvenience the majority of the general audience, while inevitably failing to prevent unauthorized copying by anyone determined to circumvent the protection.

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

An anonymous reader writes with news about an editor revolt at Wikimedia to remove Arnnon Geshuri from the foundation's board. Ars reports: "Nearly 200 Wikipedia editors have taken the unprecedented step of calling for a member of the Wikimedia Foundation board of directors to be tossed out. The Wikimedia Foundation, which governs both the massive Wikipedia online encyclopedia and related projects, appointed Arnnon Geshuri to its board earlier this month. His appointment wasn't well received by the Wikipedia community of volunteer editors, however. And last week, an editor called for a 'vote of no confidence on Arnnon Geshuri.' The voting, which has no legally binding effect on the Wikimedia Foundation, is now underway. As of press time, 187 editors had voted in favor of this proposition: 'In the best interests of the Wikimedia Foundation, Arnnon Geshuri must be removed from his appointment as a trustee of the Wikimedia Foundation Board.' Just 13 editors have voted against, including Wikimedia board member Guy Kawasaki.

itwbennett writes: Google has developed a patch for Android in response to a flaw in the Linux kernel and has shared it with device manufacturers. That doesn't mean the patch will hit users' phones right away, though. It might take weeks. But that's ok, says Google, because most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux.

An anonymous reader writes: AMD has confirmed that their Vulkan Linux driver will only work with the new AMDGPU kernel driver, meaning that for right now on the desktop, Vulkan will just work on the Radeon R9 285, R9 380, R9 380X and R9 Fury series — not even the other Rx 200/300 series graphics cards. This limitation exists because the AMDGPU driver only works with GCN 1.2 and newer. In time, AMD may allow the driver to work on older GCN GPUs going back to the HD 7000 series. But wait: AMDGPU is open-source. AMD is welcoming community support to help bring AMDGPU (and thereby Vulkan) to these older GPUs. The work involved would be porting GCN 1.0/1.1 support from the existing open-source Radeon DRM driver over to the new AMDGPU DRM driver. The Vulkan code itself is said to already be compatible with all GCN GPUs going back to the HD 7xxx series.

schnell writes: Engadget reports that a few recent top-tier video game releases using updated DRM technology have gone uncracked for more than a month and left DRM hackers stymied thus far. The games FIFA 16 and Just Cause 3, using an updated DRM system called Denuvo, have thus far frustrated experienced Chinese crackers' best efforts far longer than the usual 1-2 weeks it takes for most games to be cracked. Although the article is light on technical details about what makes the new DRM system harder to defeat, it does note that "Based on the current pace of encryption tech, 'in two years time I'm afraid there will be no free games to play in the world,' said one forlorn pirate."

HughPickens.com writes: Researchers Halfaker, Geiger, Morgan, and Riedl have a new paper on the topic of open collaboration systems about how Wikipedia's reaction to its popularity is causing its decline. From the Abstract: "Open collaboration systems like Wikipedia need to maintain a pool of volunteer contributors in order to remain relevant. Wikipedia was created through a tremendous number of contributions by millions of contributors. However, recent research has shown that the number of active contributors in Wikipedia has been declining steadily for years, and suggests that a sharp decline in the retention of newcomers is the cause. This paper presents data that show that several changes the Wikipedia community made to manage quality and consistency in the face of a massive growth in participation have ironically crippled the very growth they were designed to manage. Specifically, the restrictiveness of the encyclopedia's primary quality control mechanism and the algorithmic tools used to reject contributions are implicated as key causes of decreased newcomer retention. Further, the community's formal mechanisms for norm articulation are shown to have calcified against changes – especially changes proposed by newer editors."

Press2ToContinue writes: Apple's Lightning cable cartel be damned: Switzerland is moving forward with a plan for a single, universal phone charger across the country, standardizing phone chargers across the board. While the exact standard hasn't been mentioned yet, it wouldn't be hard to guess the standard: Micro USB, used across phone platforms, most especially Android, which has a gigantic chunk of the cell phone market worldwide.

The likely loser? Apple, which has relied on proprietary chargers since introducing the iPhone in 2007. While many companies have tried releasing generic cables, Apple often relies on DRM software to ensure that it's an Apple certified cable, charging $19 a piece for the Lightning charger used by the iPhone 5 and 6 and similar models.

What do you think -- are government-mandated standards for chargers a good idea? Despite the success of the standard household 3-prong electrical plug, doesn't this hamper progress? China seems to have done most of the work on the wall-circuit side of the equation,several years ago. But as to the "standard" 3-prong plug, any particular plug type is only as universal as the sockets and voltages they supply.

Robotech_Master writes: It always puzzles me whenever I run across a post somewhere that uses JavaScript to try to prevent me from copying and pasting text, or even viewing the source. These measures are simple enough to bypass just by disabling JavaScript in my browser. It seems like these measures are very similar to the DRM publishers insist on slapping onto e-books and movie discs—easy to defeat, but they just keep throwing them on anyway because they might inconvenience a few people.

jones_supa writes: For four years, Garth Braithwaite has been working at Adobe on open source projects as a design and code contributor. In addition to his work at the company, he also speaks at conferences about the power of design, improving designer-developer collaboration, and the benefits of open source. Still, he argues that the user experience is weak in many open source projects. One of the largest contributing factors is the lack of professional designers contributing to open source projects. Secondary to that, there are open source project owners who are unaware of the value of design or are unsure where to start with the design process. In an interview to Opensource.com, Braithwaite talks about the UX/UI topic, and gives some honorable mentions of projects that get it right.

An anonymous reader writes: A day after Philips announced that it would drop support for third-party Hue bulbs the company has reversed its decision. An announcement reads is part: "We recently upgraded the software for Philips Hue to ensure the best seamless connected lighting experience for our customers. This change was made in good faith. However, we under estimated the impact this would have on a small number of customers who use lights from other brands which could not be controlled by the Philips Hue software. In view of the sentiment expressed by our customers, we have decided to reverse the software upgrade so that lights from other brands continue to work as they did before with the Philips Hue system."

sandbagger writes: Purchasers of the Philips Hue 'smart' ambient lighting system are finding out that the new firmware pushed out by the manufacturer has cut off access to previously-supported lightbulbs. Philips contends that this move will help their customers. A statement from the company reads in part: "While the Philips Hue system is based on open technologies we are not able to ensure all products from other brands are tested and fully interoperable with all of our software updates. For guaranteed compatibility you need to use Philips Hue or certified Friends of Hue products."

New submitter kevin lyda writes: The creator of MST3K wants to bring it back. Anywhere from just three episodes up to a full season. Joel is also including options to make it DRM-free. Wired reports: "Hodgson officially launched a Kickstarter campaign to fund new episodes of the series. The initial goal of $2 million would fund only three episodes, but if the campaign does well enough, the project could make as many as 12 episodes (that maximum order would require $5.5 million). The rewards run the gamut from the typical t-shirt all the way up to fans contributing riffs to the episodes or hosting live installments of the show. But the real fun begins if MST3K finds an angel investor willing to splash some serious cash: 'Finally, if we raise $1 BILLION—stay with me on this one—we’re going to adopt a real live teenage boy and "Truman Show" him into believing he is the Pumaman!'"

An anonymous reader writes: Today marks three years since Valve's Steam client went into beta on Linux. In that time over 1,600 games have become natively available for Linux. Going beyond having many new Linux games, Phoronix recaps, "we've seen Valve make significant investments into the open-source graphics stack and other areas of Linux (in part through their sponsorship of Collabora and LunarG). Valve developers are significantly pushing SDL2. We've seen more mainstream interest in Linux gaming, and Valve has been heavily involved in the creation of the Vulkan graphics API. They have given away their entire game collection to the Mesa/Ubuntu/Debian upstream developers, and much more." The three-year anniversary is coincidentally just days before the release of Steam Machines.

Rick Zeman writes: The Washington Post has a lengthy article on Linus Torvalds and his thoughts on Linux security. Quoting: "...while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven't been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. ...

His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"

Of course, contradictory points of view are presented, too: "While I don't think that the Linux kernel has a terrible track record, it's certainly much worse than a lot of people would like it to be," said Matthew Garrett, principal security engineer for CoreOS, a San Francisco company that produces an operating system based on Linux. At a time when research into protecting software has grown increasingly sophisticated, Garrett said, "very little of that research has been incorporated into Linux."

BUL2294 writes: The U.S. Library of Congress' Copyright Office has published their newest rules regarding DRM circumvention. Much to the chagrin of car makers and agricultural vehicle manufacturers, DRM circumvention, with the exception of telmatics ("black box") and entertainment systems, and anything that would run afoul of DOT or EPA regulations, is now allowed for "diagnosis, repair or lawful modification of a vehicle function." In addition, jailbreaking is now extended to tablets, wearables, and smart TVs, but not to single-purpose devices like e-readers. An exemption has been carved out for security researchers to hack cars, voting machines, and medical devices — as long as that device is not being used for its purpose and is in an isolated environment. Finally, owners of abandoned video games that require server authentication (where such authentication is no longer available) may also circumvent DRM. DRM circumvention is NOT allowed for jailbreaking gaming systems and e-readers, and does not allow for "format-shifting" (e.g. moving e-books from one platform to another).

The full text of the new rules is available online (PDF), and will be published in the Federal Register on October 28, 2015.

An anonymous reader writes: There's no dearth of media technology today. Not only do modern console emulate set-top boxes, but there are dozens of tiny appliances that bring TV shows and movies to your screens with varying levels of convenience and cost. So, what setup do you use? I'm curious about the hardware you use to collect, transmit, and display the media, in addition to the software running it, and the services you use or subscribe to that provide the media. I imagine there are a lot of cord-cutters in this crowd — if that's the case, how do you acquire the shows you want to watch? What problems still need to be solved in this area?

An anonymous reader sends a story from TeleRead which argues that Amazon doing harm to the e-reader category of devices it helped create. The company has been aggressively pushing adoption of its Kindle Fire brand of tablets, dropping the price for the cheapest model down to $50. Compare that to the basic version of the e-ink Kindle: $80 if you don't want it cluttered with "special offers." If you care enough about an e-ink screen, you might still buy it, but most of those people probably already have e-readers. The general populace, when looking at the tablet's color screen, app ecosystem, and access to forms of entertainment beyond books, will probably consider the tablet a no-brainer.

This is in Amazon's best interest; if you buy an e-reader, you're only going to be buying books for it. If you buy a tablet, they can sell you videos and software, too. Amazon has succeeded in pushing several competing e-readers out of the market. They also refuse to experiment or innovate on the design; there have been no significant changes since the Paperwhite's backlighting technology in 2012. Given that ebook sales are no longer growing explosively, this could be a sign that the e-reader category of devices is stagnating.