Shared posts

25 Dec 06:11

Docker Image Insecurity

by Soulskill
An anonymous reader writes: Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: 'ubuntu:14.04: The image you are pulling has been verified'. I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security. Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities." Docker's lead security engineer has responded here.

Read more of this story at Slashdot.








25 Dec 06:08

Updog finally launches

by Elizabeth Lopatto

It doesn't take much to understand the updog joke — I probably learned it in about first grade or so — but its beauty and power is in its simplicity. Updog is a little mean-spirited, sure! A friend had an opportunity to interview Kim Kardashian, considered updogging her, and decided not to; it would have been too mean to her, he said. But as mean-spirited jokes go, I find updog to be pretty gentle, particularly since pretty much every native English speaker has heard (and forgotten) it at some point.


I can't speak for anyone but me, but this year sometimes just felt like a dumpster on fire in the middle of recently-napalmed landfill. We all did our best to find silliness where we could. I suspect this year's circumstances — both personal and national — led me to reach for a very simple source of joy that had lain dormant in some corner of my brain for 25 years or so. The updog was back.

And it wasn't just me. DARPA's experimental troll intelligence project Katie Notopoulos put together her favorite updogs of the year, but as with all year-end lists, it's sadly incomplete. It is, however, worth noting that Notopoulos is a remarkably able updogger herself:

But neither of these were my favorite updogs in 2014. This was:

This is a perfect execution, in part because it fits so well with Farhad's #personal #brand: the loveable perma-naif, stumbling through the world of tech bros and media hoaxers. Of course Farhad would be updogged sooner or later. If anyone is going to be on the receiving end of updog, it's Farhad. And it nicely removes any kind of meanness from the joke, since Farhad himself is the butt of it.

In the mean-spirited category of updog, there's this lovely abstract expressionist execution from — of all places — the PR world. Ed Zitron updogged someone in on the joke and still somehow managed to pull it off. This is what you hire public relations for, my friends.

I'm not sure how best to explain Mallory Ortberg of The Toast, so I'm just going to link to her Verge 50 profile. As one might expect, when you run a feminist blog, there are trolls; for this reason, The Toast's comment section is heavily pre-moderated. On Sunday night, a man emailed Mallory, asking why his racist comment wasn't being posted. So Mallory, may all the cats bless her, emailed him "It's probably a weird error" and encouraged him to spend more time writing comments, while setting him to perma-delete. That's pretty much all the background you need for this beautiful thing:

There's been no word, as of this writing, whether the attempted updog was successful. I understand there will be updates posting to this exciting new social network, Updog.pw, which seems like a prime opportunity for VC funding.

As for me, I'm watching to see what's hot for 2015, and there's an exciting new contender: the little-known diquefore. What's a diquefore? Exactly.

25 Dec 06:08

TripAdvisor Fined In Italy For Fake Reviews

by Soulskill
mpicpp writes with news that TripAdvisor, a travel website filled with user-generated reviews, has been hit with a €500,000 ($611,000) fine for "misleading customers" by failing to cull fake reviews from their list. "The regulator complained that people reading TripAdvisor Italy were unable to distinguish between genuine and fake reviews posted on the site. It said both were presented by TripAdvisor as 'authentic and genuine in nature.' Demanding payment of the fine within 30 days, the ICA also accused the travel company of failing to provide proper checks to weed out bogus postings."

Read more of this story at Slashdot.








25 Dec 06:07

Uber CEO faces two years in prison for operating illegal taxi service in South Korea

by Rich McCormick

South Korean prosecutors have indicted the founder of Uber, Travis Kalanick, for operating an illegal taxi service in the country. The formal accusation against Kalanick and another man, a local rental car service operator, was made without physical detention. Yonhap News says that violators of the Korean law in question, which stops rental car services from offering paid passenger transport, could face a fine of up to 20 million won ($18,121), or up to two years in jail.


Seoul citizens can earn bounties for reporting on Uber practices

Uber officially launched in the South Korean capital city of Seoul in August 2013, after a test phase that began in June, but only started trialling its UberX service — which pays private drivers for using their own car as a taxi — in August this year. The ride-sharing service faced anger from local taxi drivers, upset that amateur drivers were undercutting their fares. Where Uber doesn't require that its UberX drivers have any special licenses, private Seoul taxi drivers can reportedly expect to pay around 70 million won ($63,477) for the proper documentation.

The service also faced staunch opposition from local authorities: Korea's Ministry of Land, Infrastructure and Transport declared that the ride-sharing app was illegal before it officially launched, and other branches of the administration made it clear that Uber would not be welcome in the country. "As soon as testing phases are over," a spokesperson for the Seoul city government said in September, "our dedicated squad will begin clamping down on Uber drivers." The city has made good on the threat, passing an ordinance last week that offers a 1 million won ($910) reward for anyone who reports on Uber's activities. For the moment, an Uber spokesperson said the service was operating as normal in the city.

Sojung Lim contributed reporting to this story.

25 Dec 00:59

Even the Rams punter thinks Marshawn Lynch's interviews are awesome

by Bill Hanstock

Seahawks superstar Marshawn Lynch's postgame media session on Sunday night was almost as talked-about as his unbelievable TD run. It seems NFL fans weren't the only ones who enjoyed it.

Rams punter Johnny Hekker began his conference call with Seattle media today by answering "thanks for asking."

— Bob Condotta (@bcondotta) December 23, 2014

And worth noting:

Wow >> RT @ccpearce: Might have an NFL first: SEA media requested the punter for the conf call w opposing city. #puntersdoconferencecallstoo

— Albert Breer (@AlbertBreer) December 23, 2014

You're great, Johnny Hekker. We like you.

25 Dec 00:57

Russell Wilson, Drew Brees among 2015 Pro Bowl snubs

by Katie Sharp

There were plenty of deserving players left off this year's initial Pro Bowl roster.

Now that the Pro Bowl rosters have been announced, it's time for our favorite debate of the NFL season -- who was snubbed by the voters? We know it is really hard for the fans, writers and coaches to agree on the best players in the league, so it should be no surprise that several deserving players were not invited to this season's all-star party.

Last year the NFL made a change to the Pro Bowl format to spur fan interest and create more buzz. Instead of the familiar AFC vs NFC format, the players voted to the game are assigned to teams by "captains" via a fantasy draft. There are 88 players that participate in the Pro Bowl, though not all of them are drafted. Four are chosen as offensive and defensive captains, two are picked by coaches to fill special needs, and others are assigned to teams in order to fill out the rosters after the initial draft selections. This year's Pro Bowl will take place on Sunday, January 25, 2015 at University of Phoenix Stadium in Glendale, Ariz., one week before the Super Bowl is to be held there.

By taking conference affiliation out of the selection process, the format change has led to fairer results and has reduced the number of egregious mistakes made by the voters. But there were still a bunch of choices on this year's list of honorees that are hard to figure out. Here's a look at the most glaring snubs from the 2015 Pro Bowl roster:

Russell Wilson, QB, Seattle Seahawks

The Seahawks just need a win in Week 17 to seal up the top seed in the NFC for the second time in as many years. Yet somehow their superstar quarterback Russell Wilson was not honored as a Pro Bowler. Granted, there isn't a signal caller selected that wasn't deserving in their own right, but few players at the position challenge a defense in as many ways as Wilson.

Eddie Lacy, RB, Green Bay Packers

In 2013, Packers tailback Eddie Lacy ran for nearly 1,200 yards and 11 touchdowns, earning All-Pro and Pro Bowl honors in the process. Lacy has played even better this season, averaging over a half yard more per attempt and exceeding his touchdown total. This time, however, he did not earn a trip to the Pro Bowl. While Lacy isn't as big of a name, it's hard to argue LeSean McCoy had a better 2014 season.

Justin Forsett, RB, Baltimore Ravens

Baltimore's run game could have imploded after Ray Rice was sidelined with his suspension for domestic violence. Yet after several weeks of tinkering, the offensive coaching staff settled on journeyman Justin Forsett as the team's lead back. He responded with a career year -- 1,147 yards rushing and eight touchdowns.

Odell Beckham Jr., WR, New York Giants

odb

Antonio Gates, TE, San Diego Chargers

Sports columnists wrote Antonio Gates' obituary multiple times over the past few seasons, but he keeps coming back with consistently great production. 2014 was his best season in at least four years as the future Hall of Famer caught 65 balls for 754 yards and 12 touchdowns with a game left to play.

Sheldon Richardson, DE, New York Jets

It's hard to garner Pro Bowl consideration when you're part of a terrible team, but Sheldon Richardson had a monster year for a 3-4 defensive end. The reigning Defensive Rookie of the Year doubled his sack total from a year ago while improving as a run stuffer.

Thomas Davis, LB, Carolina Panthers

Despite suffering multiple serious knee injuries, Thomas Davis remains a dynamic linebacker. He matched his career high for forced fumbles while coming in second on the Panthers in tackles.

24 Dec 08:00

Dragon Quest Heroes May be My Favorite Warriors-Style Game Ever

by gguillotte
firehose

suddenly now that Warriors games are about franchises people in the West care about they're the best fucking games ever

First off, I should clarify that, yes, Dragon Quest Heroes is very much a Warriors-style game: You control a character and run through fields mowing down numerous enemies. It's a power fantasy formula that reliably sells, and that's all the developers would have to do to make a game that fans would buy. However, someone up top was obviously not content with the status quo and the development team have brought their A-game in terms of adding and mixing various elements to make a new and engaging experience.

24 Dec 07:59

LeBron James Jr. Ballin' Out At 4th Grade Hoops Tourney | Watch the video - Yahoo Sports

by gguillotte
firehose

worst nickname

LeBron James Jr. -- aka Bronny

24 Dec 07:58

Off duty, black cops in New York feel threat from fellow police - Yahoo News

by gguillotte
Reuters interviewed 25 African American male officers on the NYPD, 15 of whom are retired and 10 of whom are still serving. All but one said that, when off duty and out of uniform, they had been victims of racial profiling, which refers to using race or ethnicity as grounds for suspecting someone of having committed a crime. The officers said this included being pulled over for no reason, having their heads slammed against their cars, getting guns brandished in their faces, being thrown into prison vans and experiencing stop and frisks while shopping. The majority of the officers said they had been pulled over multiple times while driving. Five had had guns pulled on them. Desmond Blaize, who retired two years ago as a sergeant in the 41st Precinct in the Bronx, said he once got stopped while taking a jog through Brooklyn’s upmarket Prospect Park. "I had my ID on me so it didn’t escalate," said Blaize, who has sued the department alleging he was racially harassed on the job. "But what’s suspicious about a jogger? In jogging clothes?"

24 Dec 07:57

"Star Trek 3" To Be Helmed By "Fast & Furious" Franchise Director Justin Lin - Slashdot

by gguillotte
So, what you're saying is there's going to be lots of close-up cuts of Sulu stomping on the Enterprise's clutch and forcefully downshifting.

24 Dec 07:57

FCC Pauses Comcast, TWC Merger Review | News & Opinion | PCMag.com

by gguillotte
firehose

all carriers suck forever

The $45 billion takeover is on hold due to a delay in receiving documents from TWC.

24 Dec 07:57

Coming soon to US: Cuba Libre, with real Cuban rum - Yahoo News

by gguillotte
Relaxed limits on what licensed U.S. travelers can bring home mean that Americans will be able to enjoy small quantities of the liquor at home. But, with the embargo still in place, the rum won't be flooding bars or the market. And it's unclear what the news means for industry titan Bacardi, which was driven from its Cuba headquarters by the 1959 Castro revolution. In the past, Bacardi has left the door open for a return to its homeland. But company representatives wouldn't give details when asked Thursday what, if any, plans it has if the more than 50-year-old embargo on Cuban goods ends, now that President Barack Obama is working to normalize relations with the country.

24 Dec 07:56

Oregonians Are Some Of The Best Sleepers In The Country » News » OPB

by gguillotte
The eastern United States reported the most restless nights; West Virginia and Kentucky residents say they slept well only 16 of 30 days. Sleeplessness doesn’t seem to be a problem in the West, however. We’re getting the best sleep in the nation right here in Oregon, with about 77 percent of residents reporting a good night’s sleep regularly.

24 Dec 07:56

WalMart Issues Apology After Kicking Out Klamath Falls Carolers » News » OPB

by gguillotte
firehose

the only way to stop a bad choir with a song

The Henley High and Middle school choirs assembled last week to sing “Carol of the Bells” in flash-mob fashion to supermarket patrons. But instead of attracting an audience when the group showed up at the Klamath Falls Walmart, the store’s manager quickly said local law enforcement would be called if they didn’t break up the show.

24 Dec 07:56

Boston bombing suspect Tsarnaev wants 'supporters’ moved away from courthouse - Yahoo News

by gguillotte
Accused Boston Marathon bomber Dzhokhar Tsarnaev is asking a federal judge to clamp down on “self-appointed supporters” protesting on his behalf outside a Boston courthouse, arguing that their “inflammatory accusations” could hurt his right to a fair trial.

24 Dec 07:56

Thunderbolt devices can infect MacBooks with persistent rootkits | PCWorld

by gguillotte
Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook’s boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year-old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg. “It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple’s EFI firmware update routines,” Hudson said in the description of his upcoming presentation. “This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems.” Malicious code installed in the MacBook boot ROM will be executed before the OS is loaded, meaning it can patch the OS kernel and have complete control over the system. It also means that reinstalling Mac OS X will not remove the bootkit and neither will replacing the hard disk drive, because the malicious code is not stored on it.

24 Dec 07:56

Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi - Slashdot

by gguillotte
The FCC will soon decide whether to lay down rules regarding hotels' ability to block personal Wi-Fi hotspots inside their buildings, a practice that recently earned Marriott International a $600,000 fine. Back in August, Marriott, business partner Ryman Hospitality Properties and trade group the American Hotel and Lodging Association asked the FCC to clarify when hotels can block outside Wi-Fi hotspots in order to protect their internal Wi-Fi services. From elsewhere in the article: During the comment period, several groups called for the agency to deny the hotel group’s petition. The FCC made clear in October that blocking outside Wi-Fi hotspots is illegal, Google’s lawyers wrote in a comment. “While Google recognizes the importance of leaving operators flexibility to manage their own networks, this does not include intentionally blocking access to other commission-authorized networks, particularly where the purpose or effect of that interference is to drive traffic to the interfering operator’s own network,” they wrote.

24 Dec 07:56

Comcast's lobbying team handed out "priority assistance" cards for faster customer service - Vox

by gguillotte
firehose

all carriers suck forever

Comcast also had an even more personal way of sucking up to Washington. Its government-affairs team carried around "We'll make it right" cards stamped with "priority assistance" codes for fast-tracking help and handed them out to congressional staffers, journalists, and other influential Washingtonians who complained about their service. A Comcast spokeswoman says this practice isn't exclusive to DC; every Comcast employee receives the cards, which they can distribute to any customer with cable or internet trouble. Nevertheless, efforts like this one have surely helped Comcast boost its standing inside the Beltway and improve its chances of winning regulatory approval for its next big conquest: merging with the second-largest cable provider in the country, Time Warner Cable.

24 Dec 07:56

Several applicants for Wisconsin head coaching job listed video game skills | Dr. Saturday - Yahoo Sports

by gguillotte
One man, Jarrad Dann of Chandler, Ariz., listed himself as “The Man, The Myth, The Legend,” and claimed his “ridiculously good” ability at playing NCAA Football on XBOX 360 qualified him for the job. It’s hard to argue with him. Elsewhere, a man from Racine, Wis., named Greg Miller listed his skills in “Madden ’92, Bill Walsh ’93, and NCAA Football ’96 and ’97.” He also has some coaching experience of his own. “I have further successfully coached from my sofa every Saturday since 1987,” Miller, who said he was unemployed and living with his parents, wrote in his cover letter to Alvarez. On top of that, Alvarez also turned down a very intriguing candidate in Arturo Bonomie, a YMCA coach for first graders, who would have accepted the position in a package deal with his wife. “People tell me I can give one heck of a good pep talk on the sidelines and my wife makes a mean Gatorade,” Bonomie wrote. The fun doesn't end there. According to ESPN.com, a Wisconsin man named Justin Dodge listed "looking great in sideline attire", "believing in #karma" and being a "superb yeller" as his qualifications for the job. Additionally, Justin Bourgerie, an Indiana resident who says he ran a 4.6 40-yard dash as a high school punter, requested a $10 million salary. 

24 Dec 07:56

13-year-old builds a printer for the blind with Lego blocks

by gguillotte
firehose

#nodads

I asked — I didn’t know why. I just asked a random question to my parents. How do blind people read? They didn’t really have time for me, so they said: “Sorry, I’m busy. Can you go Google it?”

24 Dec 07:55

Amy Poehler

by gguillotte
firehose

Jimmy Fallon is the worst person in any room

“Amy Poehler was new to SNL and we were all crowded into the seventeenth-floor writers’ room, waiting for the Wednesday night read-through to start. […] Amy was in the middle of some such nonsense with Seth Meyers across the table, and she did something vulgar as a joke. I can’t remember what it was exactly, except it was dirty and loud and “unladylike”. Jimmy Fallon […] turned to her and in a faux-squeamish voice said, “Stop that! It’s not cute! I don’t like it.” Amy dropped what she was doing, went black in the eyes for a second, and wheeled around on him. “I don’t fucking care if you like it.” Jimmy was visibly startled. Amy went right back to enjoying her ridiculous bit.”

24 Dec 07:55

Satanic Temple display in Fla. gets damaged - NY Daily News

by gguillotte
A Florida woman has been arrested for damaging a Satanic Temple holiday display in the capitol building in Tallahassee -- a day after it was put up. An unidentified woman is being held for the incident, the Florida Department of Law Enforcement said. The extent of the damage was not specified. The display was erected Monday after two years of fighting with the state, which allowed a Christian nativity scene in 2012. Courts have ruled government properties can host religious displays but they cannot discriminate. This has left some government agencies vulnerable to allowing some religious displays they probably hadn't envisioned. The Satanic Temple's display featured an angel falling into a pit of fire. Writing across the top said, "Happy Holidays from the Satanic Temple."

24 Dec 07:55

For Stanford Class of ’94, a Gender Gap More Powerful Than the Internet - NYTimes.com

by gguillotte
But even the most successful women could not match some of their male classmates’ achievements. Some female computer science majors had dropped out of the field, and few black or Hispanic women ever worked in technology at all. The only woman to ascend through the ranks of venture capital was shunted aside by her firm. Another appeared on the cover of Fortune magazine as a great hope for gender in Silicon Valley — just before unexpectedly leaving the company she had co-founded. Dozens of women stayed in safe jobs, in or out of technology, while they watched their spouses or former lab partners take on ambitious quests. If the wealth among alumni traveled across gender lines, it was mostly because so many had wed one another. When Jessica DiLullo Herrin, a cheerleader turned economics whiz, arrived at the tailgate party, her classmates quietly stared: She had founded two successful start-ups, a living exception to the rule.

24 Dec 07:55

royallydirty: boyswanna-be-her: godzillapanda: This is the...

firehose

autoreshare hall-of-fame nominee



royallydirty:

boyswanna-be-her:

godzillapanda:

This is the best thing I have seen all day

THAT’S IT I’M DELETING

I HAVE SEEN THIS SO MANY TIMES

IT NEVER GETS OLD

24 Dec 07:54

sallyscience: "Stop eating so much chocolate." Me: “NO I SHAN’T IT’S CHRISTMAS” "Stop listening to...

sallyscience:

"Stop eating so much chocolate."

Me: “NO I SHAN’T IT’S CHRISTMAS”

"Stop listening to Christmas music."

Me: “NO I SHAN’T IT’S CHRISTMAS.”

"Stop trying to dress up the dog as a snowman."

Me: "NO I SHAN’T IT’S CHRISTMAS."

willlllllllllllllllllllllllllllllllllllllllllllllllf

24 Dec 07:54

Photo







24 Dec 07:54

Photo



24 Dec 07:53

daiquest: sonypraystation: jesus christ oh my god



daiquest:

sonypraystation:

jesus christ

oh my god

24 Dec 07:53

arthurconandoyle: I LOVE THE GREAT MOUSE DETECTIVE!!!!!!!!!!!!!!!! I’M SICK OF DENYING...

arthurconandoyle:

I LOVE THE GREAT MOUSE DETECTIVE!!!!!!!!!!!!!!!! I’M SICK OF DENYING IT!!!!!!!!!!!!!!! THE GREAT MOUSE DETECTIVE IS THE ONLY ADAPTATION OF MY WORK THAT TRULY UNDERSTANDS THE CRUCIAL THEMES

24 Dec 01:46

Newswire: Ellen Page is Han Solo, Jessica Alba is Princess Leia for Jason Reitman’s live read

by Sean O'Neal
firehose

'Aaron Paul’s Luke Skywalker facing off against J.K. Simmons’ Darth Vader, Stephen Merchant contributing his British gangliness to C-3PO, Dennis Haysbert his insurance company pitchman smoothness to Lando Calrissian, and Kevin Pollak playing Yoda and myriad strangled Imperials. And now he’s brought Page in to play the gender-flipped Solo, hoping to reexamine Empire in the way he did with his all-black version of Reservoir Dogs and all-female Glengarry Glen Ross. Or, at least, to get the Internet talking about what is otherwise just a bunch of actors sitting on stage, reading aloud a movie it’s seen 100 times.'

Likely fulfilling the dream of some Star Wars fan, who would normally keep that dream to themselves or a Reddit thread, Ellen Page will play Han Solo to Jessica Alba’s Princess Leia in the upcoming Empire Strikes Back live-read from Jason Reitman. As announced yesterday, Reitman is staging one of his now-traditional run-throughs of the film with another all-star cast, with Aaron Paul’s Luke Skywalker facing off against J.K. Simmons’ Darth Vader, Stephen Merchant contributing his British gangliness to C-3PO, Dennis Haysbert his insurance company pitchman smoothness to Lando Calrissian, and Kevin Pollak playing Yoda and myriad strangled Imperials. And now he’s brought Page in to play the gender-flipped Solo, hoping to reexamine Empire in the way he did with his all-black version of Reservoir Dogs and all-female Glengarry Glen Ross. Or, at least, to get the Internet talking about what is otherwise just a bunch ...