Feed aggregator
Bug in Bash shell creates big security hole on anything with *nix in it [Updated]
UPDATE, 9/25: The Bash vulnerability, now dubbed by some as "Shellshock," has reportedly been found in use by an active exploit against Web servers. Additionally, the initial patch for the vulnerability was incomplete and still allows attacks to succeed, according to a new CERT alert. See Ars' latest report for further details; our initial report is below.
A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.
The bug, discovered by Stephane Chazelas, is related to how Bash processes environment variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.
German man banned from Yellowstone for one year after drone crash
A German man has been sentenced to a year of probation in his home country, a one-year ban from Yellowstone National Park in Wyoming, and a $1,600 fine after pleading guilty to illegally flying a drone (and crashing it into a lake) in the park in July 2014.
On Wednesday, local media reported that Andreas Meißner of Königswinter, Germany pleaded guilty to violating the ban on drones, filming without a permit, and leaving property unattended. Federal prosecutors dropped one charge—making a false report to a government employee—in exchange for the plea deal.
For months now, drone use in national parks has been something of a menace according to NPS authorities. In June 2014, the NPS banned drones in all parks following an initial ban in California’s Yosemite National Park. Other incidents going back to September 2013 have involved buzzing wild sheep in Utah, flying over nesting gulls in Alaska, and flying over visitors at Mount Rushmore in South Dakota.
Comcast says it’s too expensive to compete against other cable companies
Comcast has made many arguments in support of its proposed acquisition of Time Warner Cable (TWC), but it keeps circling back to one: since the two cable companies don’t compete head-to-head in any city or town, there would be no harm in approving the deal.
But why don’t Comcast and TWC, the two largest cable companies in the US, compete against each other? And if the merger was denied, would they invade each other’s territory? Ars asked Comcast Executive VP David Cohen those questions today on a press call held to discuss Comcast’s latest filing with the FCC.
In short, Cohen said it’s too expensive to compete against other cable companies—even though Comcast is spending $45.2 billion to purchase Time Warner Cable. Comcast and TWC aren’t likely to start competing against each other even if they remain separate, Cohen explained:
iOS 8.0.1 disabling cellular and TouchID on some phones [Updated]
Update: Some users are reporting that the update is disabling cell service and TouchID buttons on some phones. I can confirm that this happened on my AT&T iPhone 6, though a Verizon iPhone 5 still seems to be getting service just fine. For now we recommend holding off—do not download and install this update yet.
Update 2: Apple has pulled the 8.0.1 update. Affected iPhone 6 users are allegedly being told by Apple support to try restoring their phones with iTunes.
Update 3: On our iPhone 6, restoring through iTunes has re-installed iOS 8.0 and it appears to be working normally. This process erases your data from the phone, but it appears to be the best way to get back up and running as of this writing.
Water found in a Neptune-sized exoplanet’s atmosphere
After a difficult search, scientists have found definitive traces of water on a relatively small exoplanet for the first time. The exoplanet in question, HAT-P-11b, is the size of Neptune and has copious amounts of both water vapor and hydrogen in its atmosphere.
Using the Hubble Space Telescope, the Spitzer Space Telescope, and the Kepler spacecraft, a team of scientists obtained spectrographic data as HAT-P-11b passed in front of its host star, allowing them to determine the planet’s atmospheric composition.
While other exoplanets with water have been discovered, these have mostly been gas giants larger than Jupiter. HAT-P-11b is the first significantly smaller planet with water to be discovered. The discovery paves the way for searches for water, perhaps even on smaller, more Earth-like planets.
Preference for masculine or feminine faces linked to urban living
Lots of animals choose their mates based on exaggerated features—think of the enormous antlers of moose or the elaborate plumage of many bird species. The explanation for this is what's sometimes termed "honest signaling"—if an animal has the health and metabolic resources to devote to growing these sorts of sex-specific features, then they've probably got the genetic wherewithal to produce healthy offspring. As long as nobody cheats—makes something that just looks like it took a lot of effort—the system works well from an evolutionary perspective.
Do humans engage in honest signaling? Clearly, there are features we associate with one or the other sex, and researchers have looked into whether they might act as signals, feeding into evolutionary selection. For example, some research has suggested that feminine faces on females act as a signal for fertility, as they're associated with estrogen levels. A masculine appearance, which is linked to testosterone levels, has been suggested to reflect health and disease resistance. And various studies have shown that the opposite sex appreciates faces that are strongly masculine or feminine.
So, in a neat and tidy package, we have an evolutionary explanation for both our appearances and our preferences for them. Or so a lot of people have argued. But a new study in PNAS argues that this is all an artifact of who we're asking. Do some studies in pre-industrial societies, and you get a very different answer.
VIDEO: Is it a plane, is it a scooter?
High-tech GPS upgrade arrives for Yosemite black bears
For the first time, black bears at Yosemite National Park are being outfitted with GPS devices that will provide rangers with the ability to track their movements in real time.
The National Park Service said Tuesday that the trackers will help protect bears and the public from encroaching danger. And during park programs, rangers will now discuss the bears' movements with visitors. Previously, bears at the California-based national park were being tracked via radio telemetry, but that technology only provided readings in what the park service called the "developed" areas of the 1,190-square-mile park.
"This project will expand the park's understanding of Yosemite's black bear population and help to keep bears wild and visitors safe," Yosemite superintendent Don Neubacher said in a statement.
BlackBerry’s square-screened Passport launches today for $599
BlackBerry's Passport phone caught our eye when it was announced this summer, mostly because of its odd screen and marketing pitch. It has some vague similarities to last year's BlackBerry Q10, but with a larger 4.5-inch square screen that's meant to show you more horizontal content at once. The self-described "IMAX of productivity" is being released today at a price of $599 unlocked ($249 on-contract).
The Passport is named for the thing it is shaped like—it's roughly the same size as a US or Canadian passport. The keyboard underneath its square screen isn't quite a full traditional BlackBerry keyboard. It has all the letters, the spacebar, and a couple of other keys, but for numbers or Shift or any others, you'll need to switch between physical and onscreen buttons. We enjoyed BlackBerry 10's software keyboard quite a bit when we reviewed the Z10 last year, but this hybrid seems potentially awkward.
Early reviews for the device have been mixed but generally negative. Most praise the phone's solid construction and the quality of the 1400×1400 display. The Wall Street Journal criticized its 13MP camera and its lack of apps (despite the addition of Amazon's app store to BlackBerry's own), saying that the position of the physical keyboard made the phone feel top-heavy and lopsided to type on. Engadget likewise complained about the lack of apps, while complimenting the keyboard's ability to act as a trackpad in landscape mode.
Comcast: Everyone secretly knows our Time Warner merger is good for customers
Comcast today submitted a 324-page response to critics of its purchase of Time Warner Cable, telling the Federal Communications Commission that there is no reason for people to be concerned about the merger.
In an accompanying blog post, Comcast Executive VP David Cohen claimed that “virtually all” people who submitted comments to the FCC support the merger whether they know it or not.
“Virtually all commenters recognize and concede—either explicitly or through their silence—that the transaction will deliver substantial consumer welfare and public interest benefits to residential and business customers and in the advertising marketplace,” Cohen wrote.
India becomes the first Asian country to reach Mars
Mars has become the destination of choice for ambitious space agencies and nations, and now India is among that group. After a successful maneuver, the Mars Orbiter Mission (MOM) has entered an orbit about 420 km above the surface of Mars (MOM is informally called Mangalyaan, which is Hindi for Mars vehicle). It will soon begin to photograph the planet’s surface and analyze the atmospheric composition.
(Disclosure: As a member of two previous missions to Mars, I understand the excitement and challenges of landing, or in the case of Mangalyaan, orbital insertion. Waiting for a signal telling the ground staff about the mission’s fate must have been a nerve-wracking time for staff of the Indian Space Research Organization [ISRO].)
Attraction of the red planet
Ever since the earliest telescopic observations in the 17th and 18th centuries, Mars has shown tantalizing hints of seasons, water, and active geological processes. Over the centuries, our understanding about Mars has changed as the resolution of telescopes and spacecraft cameras and spectrometers has greatly improved.
VIDEO: First look at Blackberry Passport
Angry customers tell feds about unresponsive Bitcoin miner makers
Since the beginning of last year, angry customers have filed dozens of formal complaints with the Federal Trade Commission (FTC) against two embattled Bitcoin miner manufacturers.
According to data Ars recently obtained via the Freedom of Information Act, 80 people complained about orders made at CoinTerra and HashFast between January 2013 and July 2014. These orders are collectively worth over $1.2 million spread between the two companies.
The complaints come from all over the globe, including Italy, Australia, India, Taiwan, Belgium, and mostly, the United States. The complaints are all very similar: they detail orders that were never fulfilled, refunds that were never issued, and/or e-mails that went unanswered.
VIDEO: Refugees 'crossing back into Syria'
VIDEO: The impact of Ebola on family life
VIDEO: IS 'trafficking Yazidi women for sex'
Corsair Flash Voyager GTX USB 3.0 256GB Flash Drive Capsule Review
The rise of USB 3.0 as a high speed interface for PCs and the increasing affordability of flash memory has led to some very interesting products. USB flash drives are a dime a dozen, but there is scope for manufacturers to differentiate themselves. Corsair's Flash Voyager GTX series brings SSD controllers to the flash drive market. Coupling it with a SATA - USB 3.0 bridge allows them to set benchmark records for their product line. More importantly, it brings some unique features. The rest of the review will present the DAS (direct-attached storage) benchmark numbers from our evaluation of the 256GB version, along with a few observations.
Benchmarking with HD Tune Pro
The unit was benchmarked in our DAS testbed (running Windows 8.1 Pro x64) after formatting it in NTFS. Prior to formatting, we ran HD Tune Pro's artificial benchmarks on the drive. Note that the sequential read / writes do not make a lot of sense for SSDs or flash drives, as they are more for determining how bandwidth varies as we go further away from the spindle in hard drives.
Gallery: Corsair Flash Voyager GTX USB 3.0 256GB Flash Drive - HD Tune Pro Benchmarks
From the gallery above, we have around 336 MBps reads and around 178 MBps writes for random accesses. For large (8 MB) accesses, this improves to 395 MBps reads and 231 MBps writes.
TRIM Support
HD Tune Pro's information page shows that the flash drive supports all the S.M.A.R.T features as well as a multitude of other SATA features. Importantly, TRIM is supported. Using CyberShadow's TrimCheck utility, we confirmed that TRIM does indeed work on the Flash Voyager GTX.
Benchmark Numbers
Moving on to real-life benchmarks, we first have the robocopy benchmarks with various queue depths (as made visible to end users through robocopy's multi-threaded option).
Corsair Flash Voyager GTX USB 3.0 256 GB robocopy Benchmarks (MBps)

| | Write to DAS (8) | Write to DAS (16) | Write to DAS (32) | Write to DAS (64) | Read from DAS (8) | Read from DAS (16) | Read from DAS (32) | Read from DAS (64) |
|---|---|---|---|---|---|---|---|---|
| Photos | 122.72 | 116.11 | 118.37 | 119.59 | 279.94 | 313.99 | 303.84 | 295.13 |
| Videos | 122.40 | 118.19 | 118.90 | 118.81 | 298.63 | 292.18 | 289.24 | 288.14 |
| BR | 117.35 | 118.09 | 114.84 | 117.06 | 297.71 | 291.59 | 289.20 | 285.51 |

The robocopy benchmarks represent the typical use-case for high-speed flash drives. However, we also processed PC Mark 8's storage bench. Out of the various available workloads, we chose a few multimedia processing traces.
Corsair Flash Voyager GTX USB 3.0 256 GB PCMark8 Storage Benchmarks (MBps)

| | Write Bandwidth | Read Bandwidth |
|---|---|---|
| Adobe Photoshop (Light) | 140.46 | 105.57 |
| Adobe Photoshop (Heavy) | 153.69 | 107.60 |
| Adobe After Effects | 123.47 | 120.05 |
| Adobe Illustrator | 138.09 | 114.13 |

Corsair SSD Toolbox
The Flash Voyager GTX is also recognized by Corsair's SSD Toolbox. One of the interesting facts revealed by the toolbox is the firmware version, S9FM01.7. A cursory search of the version number on the Internet reveals that the controller in the flash drive is the Phison S9. Readers might remember the previous generation Phison S8 controller being used in the Corsair Force Series LS SSD. It is heartening to see that the SSD controller along with the flash chips and the SATA - USB 3.0 bridge can be packed in such a small form factor.
The SSD Toolbox also allows for upgrading the firmware and configuring the overprovisioning (i.e., X GB out of 256 GB can be set aside, invisible to the OS, for use by the SSD controller to prolong the life of the flash).
Concluding Remarks
Coming to the business end of the review, the Corsair Flash Voyager GTX USB 3.0 flash drive continues Corsair's tradition of improving the performance of their USB 3.0 flash drive every year. As icing on the cake, we have a real SSD controller in the form of the Phison S9 inside.
The performance of the drive leaves us with no doubt that it would be a great Windows-to-Go drive. Unfortunately, Corsair has not decided to pursue the certification process. As far as non-enterprise consumers go, this is perfectly acceptable - the performance for Windows-to-Go is there without the extra cost associated with obtaining the certification that eventually gets passed on to them.
Minor points of concern include Corsair's refusal to divulge the flash memory configuration / SATA - USB 3.0 bridge model being used (as these could potentially change in future production runs) and the inability to configure overprovisioning for non-NTFS file systems.
Pretty much the only downside is the premium that one needs to pay for the form factor. The 256GB version currently retails for $220 on Amazon, which is at least $70 more than what one would pay for a 2.5" SSD and a bus-powered USB 3.0 enclosure. There are definitely use-cases where the form factor (and absence of hanging cables) plays an important role. In those roles, the Corsair Flash Voyager GTX is one of the top performers.