In this week's KDE Commit-Digest:Aurorae goes QML, ClientGroup becomes scriptable in KDE baseCalligra sees work on footnotes, all interactive painting tools are threading-friendly; Kexi introduces Simple User Feedback AgentRekonq adds about:tabs, an easy method to manage rekonq tabsread more

[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon

Forget Newt’s stance on Israel. A Las Vegas casino owner wants federal regulators to back off.

The Republican presidential candidacy is still far from decided, based on the split primaries and mixed polls so far. So here’s another source for trying to figure who’s really pulling ahead — the number of new Facebook fans that each candidate is getting, according to the Inside Facebook Election Tracker.

Mitt Romney is finally making some strong gains this month, in contrast to his Facebook performance over December. By “strong gains” I mean he’s been attracting a roughly similar number of fans to Ron Paul, the candidate who normally dominates on the web (and the clear leader last month). The two have fought for the daily lead for most of January, except for when Rick Santorum surged around his Iowa primary win on the 3rd.

Newt Gingrich, meanwhile, managed to win South Carolina on the 21st, which corresponded with his biggest gains on Facebook. But he’s still way weaker than the others. And the rest of the candidates are no longer registering any meaningful gains, whether or not they’ve officially dropped out.

Overall, Romney still has the most Facebook fans among Republicans, with 1.39 million. Paul is a distant second at 800,000. Gingrich is down at 250,000 and Santorum a pitiful 90,000.

Of course, these numbers only say so much about who’s actually the most popular. Fan growth can come through inorganic methods like Facebook ads, fan page promotions, or clever use of the news feed. And fans can come from anywhere in the world; they’re by no means primary voters. But, the gains made by Santorum and Gingrich right when they won their primaries suggests many new fans are Liking candidate pages organically, at least in the sense that users are acting on their because of larger events. Certainly, the low fan counts that these candidates are showing overall on Facebook suggest that they are not doing much of anything to reach more voters.

Paul’s fanbase could also be discounted because he consistently does well in online matchups like these, even though he has trouble winning primaries. But maybe that will change in Florida? He had the biggest day of the month recently, at 9,500 new fans on the 24th. As Brittany Darwell notes over on Inside Facebook regarding the other primary winners, the fan counts seem to start climbing right before they do well with the vote counts.

Otherwise, Romney’s position is looking stronger than ever, similar to the latest polls.

[SECURITY] [DSA 2394-1] libxml2 security update

[ GLSA 201201-15 ] ktsuss: Privilege escalation

In this era of technology and internet, social networking sites are getting more and more popularity. People are spending hours in front of them. For creating a social media website a platform is necessary, to make this easy came the social networking platforms. Let us now take a look of the five most popular open source-networking platforms available in the market

Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.

This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player’s ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0×400 allocated by WINMM!winmmAlloc), and then allowing us to either “inc al” or “dec al” a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.

AdaCore Security Advisory – All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.

Studio Manolibera’s listarivisteuk.php suffers from a remote SQL injection vulnerability.

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.

IBBY’s nouvelles.php suffers from a remote SQL injection vulnerability.

As just about everyone should know by now, the seeds of what grew into Facebook were planted at Harvard. Might there be a bunch of mini-Zucks lurking in the dorms of Cambridge? If so, a new venture capital firm — the first housed right on the Harvard campus — wants to find them.

Dubbed The Experiment Fund, the firm describes itself as “a bridge between America’s oldest universities and storied venture capital firms.” Backed by New Enterprise Associates (NEA), the firm is made up of Hugo Van Vurren, NEA co-head Patrick Chung, and NEA General Partner Harry Weller — all of whom have a degree of some form from the school.

When I say it’s “right on the Harvard campus”, I’m not kidding — it’s going to be based out of 33 Oxford Street, which is Harvard’s School Of Engineering And Applied Sciences. It’s a bit more than a stone’s throw from Harvard Yard. With that said, the fund operates with complete independence from the university.

And if you’re not a Harvard student? Don’t sweat it too much. The fund says they’re open to anyone, “regardless of university affilation, nationality, age, or prior experience.” Being a Harvard student (or at least a Cambridge local) probably wouldn’t hurt, though.

While it seems the size of the fund isn’t set in stone yet (or at least, it wasn’t disclosed — I’ll look into it. Update: they’re not setting a cap at this point), the team says they expect to seed “several” companies with up to $250k over the next two years.

The media trumpets a crisis in Rx painkiller addiction, but only 1% of patients get hooked. The result? Doctors treat patients like addicts, while addicts escape responsibility.

The Fortigate UTM WAF appliance suffers from persistent and reflective cross site scripting vulnerabilities.

Basic Linux system auditing is a bit tricky and data collected and information of that is out of place and readability is not that good. Recently this lead me to put together a Open Source code project and develop simple BASH scripts that do the job nicely. The code and tar ball can be downloaded from both google code or from SourceForge’s website and the project website has links to documentation, help, installation and code.

Gentoo Linux Security Advisory 201201-16 – A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities. Versions less than 2.4.1-r3 are affected.

Debian Linux Security Advisory 2396-1 – Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

Debian Linux Security Advisory 2395-1 – Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code.

A month ago, we saw a marvelous demonstration of troll physics from YouTube user [Fredzislaw100]. In his video, we saw a circuit of three switches and three LEDs wired in series and but not acting like the should. A lot of the comments for this post elicited reasonable explanations like modifying the battery or pure camera wizardry via After Effects. Thankfully, [Alan] stepped in and showed us how it was done. The solution uses two AC power sources with diodes in two of the switches and LEDs and inductors in the third pair. [Alan]‘s build was rather large compared to the original video, so we were wondering how this circuit could be made invisible.

[Fredzislaw100] just posted a video on how he did it. Like [Alan]‘s build, it uses two AC power sources, diodes, and inductors. In contrast to every single guess about where the circuit is hidden, the majority of the build is inside the battery connector. [Fredzislaw] did some amazing work hiding a 74LV132 quad NAND Schmitt trigger inside the battery connector. The diodes were easily hidden on LEDs 1 and 3 with some red nail polish, but we’re amazed by the inductor built into the LED seen in the title pic.

So there you go. With a ton of electronics know-how and an extremely steady hand (and a microscope), you too can build your own troll circuit. Check out the video after the break.

Filed under: led hacks

When it comes to open source software, the question that needs to be asked today is not which businesses are using open source – but rather which businesses are not.

timeslive.co.za: It was a happy New Year’s Day for gang who pulled off…R42m Postbank heist

The Windows release of Kinect is coming up in a couple days, but for most people that won’t be a major event: the Kinect they have is sitting on their TV or in a drawer, waiting to be taken out for an impromptu Dance Central 2 party. Of the 10 million Kinects out there, the only ones connected to computers are the ones being fiddled with by the various hackers and students making science projects out the things.

But according to the Daily, Microsoft is hoping to remedy this particular situation by building Kinect sensors right into your laptops. TechCrunch alum Matt Hickey got to handle a pair of prototypes, which were confirmed to be official, not just one of the many experiments that hide within Microsoft’s various lairs.

Unfortunately the laptops were not ready for their debut and no pictures seem to have been permitted. But they are described as netbook-like, with a number of smaller sensors instead of a webcam, and what could be an IR LED at the bottom of the screen.

The inclusion of depth-sensing cameras on a laptop is an interesting idea, and if they can drive the price of the sensor array down, it might become a standard feature. Microsoft has clearly also been focusing on miniaturizing the Kinect hardware, as the bulky original would seem somewhat out of place on a petite netbook. Whether this smaller sensor set has the same capabilities as the larger isn’t clear and wasn’t discussed.

A smaller Kinect would also suggest that Microsoft’s next console, rumored to have Kinect built in, is nearing readiness. While many gaming industry insiders have discounted the idea that the next generation of consoles will be announced this year, the rumor mill says otherwise.

[Jaroslav's] camera didn’t have a feature to measure the speed of its response in different modes so he figured out his own method. Using the microphone on his webcam he recorded the sound made by the mirror and shutter movements, then used Audacity to analyze the camera’s performance.

When you get right down to it, this is a fantastic idea. Audacity, the open source audio editing suite, has the ability to show each captured audio track next to each other. That makes it easy for you to precisely align the clips, and has in-build time measuring features with fantastic resolution.

He tested a whole bunch of different settings on a Canon EOS600D DSLR camera. In the image above you can see him comparing performance between different ISO settings. He also looks into different brands and sizes of SD storage cards, as well as the time difference when storing raw image data versus JPEG encoded data.

Filed under: digital cameras hacks

Computer World: What Megaupload’s Demise Teaches about Cloud Storage