Slashdot Mirror

darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."

sfcrazy writes "It's not The Onion: Red Hat has partnered with Uhuru Software to bring Microsoft .NET Apps and SQL server capabilities to Red Hat's Platform-as-a-Service solution OpenShift." This brings OpenShift to Windows, and not .NET applications to GNU/Linux OpenShift installations. RedHat customers have apparently been asking for this for a while. The source is available: "The consistent model for managing both Linux and Windows systems that OpenShift provides allow organizations to achieve greater efficiency and agility. Windows is now a full-fledged member of the Open Source world of OpenShift. In keeping with the spirit of Open Source, Uhuru has made all of its OpenShift integration software for Windows available to the community and is working to have it officially integrated into OpenShift Origin."

In related news (OpenShift is usually used on top of OpenStack), darthcamaro writes "The OpenStack cloud platform keeps on gaining new converts. The latest is GoDaddy which today announced it is now officially supporting the OpenStack Foundation. How GoDaddy came to officially join the OpenStack Foundation is interesting, apparently the OpenStack Foundation found out that GoDaddy was using OpenStack though job postings."

darthcamaro writes "Though Microsoft hasn't yet patched its Internet Explorer web browser in 2014, it did patch IE at least once every month in 2013. According to HP's 2013 Cyber Risk Report, more researchers tried to sell IE vulnerabilities than any other product vulnerability. 'IE is the most prevalent browser on the systems that attackers want to compromise' said Jacob West, CTO of HP's Enterprise Security Group."

darthcamaro writes "The annual Pwn2own hacking competition has always made short work of all browser vendors' security, shredding perception of safety by hacking IE, Firefox, Safari and Chrome in minutes. This year the competition is adding a twist — for IE on Windows 8.1, hackers will also have to bypass Microsoft EMET, which is a seemingly bulletproof type of sandbox. The competition is calling this the 'Unicorn Exploit' and the first researcher to successful exploit it will pocket $150,000."

darthcamaro writes "What follows in the footsteps of Heisenbug, Spherical Cow and Beefy Miracle? Apparently the answer is 'null' as is nothing. Fedora Linux 21 could well have no funky new name as its past predecessors have all had, thanks to a recent vote by the Fedora board to move away from the existing naming practices. Fedora 21 itself will not be out in the first half of 2014 either, instead the plan is now for a release sometime around August. A delayed release however doesn't mean something is wrong as Red Hat's community Linux distro aims to re-invent itself."

Wayne Rash has covered IT as a reporter and editor for over 35 years. NPR, Fox Business News, and NBC all call on him as a technology expert. A few weeks ago he had an article on eWeek titled How Target's Credit Card Security Breach Could Have Been Avoided. In this video, Wayne tells how you (or your business) can avoid being targeted by miscreants out to steal credit card data. It turns out that the security measures he advocates for businesses are common in other parts of the world but haven't hit the United States quite yet. But don't despair. There are things you can do right now, as an individual, to limit your potential losses from card number thefts. Still, the long-term fixes to the security vulnerability that bit Target need to be made by merchants and card issuers, some of whom are already transitioning to cards and card readers that use EMV chips, and some of whom aren't quite there yet -- but might speed up their efforts after seeing what happened to Target.

darthcamaro writes "In March of this year, we saw the first ever 100 Gigabit DDoS attack, which was possible due to a DNS Reflection Amplification attack. Now word is out that a new 100 Gigabit attack has struck using raw bandwidth, without any DNS Reflection. 'The most outstanding thing about this attack is that it did not use any amplification, which means that they had 100 Gigabits of available bandwidth on their own,' Incapsula co-founder Marc Gaffan said. 'The attack lasted nine hours, and that type of bandwidth is not cheap or readily available.'"

darthcamaro writes "It was ten years ago this past Sunday September 22nd, that the Red Hat sponsored Fedora project was born. The first Fedora release didn't come until six weeks later in November of 2003. Over the last 10 years the project has transformed itself from being entirely controlled by Red Hat to being a true community effort. In a video interview, the current Fedora Project Leader, Robyn Bergeron talks about the past and the future of Fedora. 'We need to think about how we're actually making the sausage,' Bergeron said. 'I think we can try and abstract and automate the things we have to do a lot, so our really awesome people's brains can be applied to solving problems that aren't yet automate-able.'"

darthcamaro writes "At the Linuxcon conference in New Orleans today, Linus Torvalds joined fellow kernel developers in answering a barrage of questions about Linux development. One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,' as the audience broke into spontaneous laughter. Torvalds also admitted that while he as a full life outside of Linux he couldn't imagine his life without it. 'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"

darthcamaro writes "The Linux Foundation's Who Writes Linux report (sign up required) is now out and after 22 yrs leading Linux, Linux creator Linus Torvalds has fallen out of the list of top 100 developers in terms of code contributions. He currently ranks 101st for number of patches generated from the Linux 3.3 to the Linux 3.10 kernel releases." Read below for a few highlights from the report. Nearly 10,000 developers from more than 1,000 companies have contributed to the Linux kernel since tracking began in 2005. Just since the last report, more than 1,100 developers from 225 companies have contributed to the kernel. In fact, more developers and companies are contributing to Linux than ever before with Linux kernel 3.10 seeing the most developer contributions ever.

Mobile and embedded companies are increasing their investments in Linux. Linaro, Samsung and Texas Instruments together increased their aggregate contributions from 4.4 percent during the previous version of the paper to 11 percent of all changes this year. Google’s contributions are also up significantly this year.

The Top 10 organizations sponsoring Linux kernel development since the last report include Red Hat, Intel, Texas Instruments, Linaro, SUSE, IBM, Samsung, Google, Vision Engraving Systems Consultants and Wolfson Microelectronics. After appearing on the list for the first time in 2012, Microsoft notably dropped off the list entirely this year. A complete list of the top 30 organizations sponsoring this work is included in the paper.

The rate of Linux development is unmatched. The average number of changes accepted into the kernel per hour is 7.14, which translates to 171 changes every day and more than 1,200 per week.

cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."

darthcamaro writes "Yesterday the stable Linux 3.10 kernel was updated twice — an error was made, forcing a quick re-issue. 'What happened was that a patch that was reported to be broken during the RC [release candidate] review process, went into the release, because I mistakenly didn't pull it out in time,' Greg Kroah-Hartman said. The whole incident however is now sparking debate on the Linux Kernel Mailing List about the speed of stable Linux kernel releases. Are they moving too fast?"

darthcamaro writes "At the first ever Fedora Flock conference this past weekend, a proposal was put forward by developer Mat Miller to re-architect Fedora with a core distribution, surrounded by layers of additional functionality for desktop, server and cloud. It's a proposal that Fedora Project Leader Robyn Bergeron is interested in too. 'How can we make Fedora be something that is modular enough to fit into all those different environments (device, desktop, server & cloud) , while still acknowledging that a one-size-fits-all approach isn't something that draws people into the project?' Bergeron said. 'People want something that is specifically for them.'"

darthcamaro writes "Apache has always dominated the web server landscape. But in August, its share has slipped below 50 percent for the first time in years. The winner isn't nginx either — it's Microsoft IIS that has picked up share. But don't worry, this isn't likely a repeat of the Netscape/IE battle of the late 90's, Apache is here to stay (right?)" The dip is mostly the result of GoDaddy switching to IIS from Apache. Which is to say GoDaddy hosts a whole lot of sites.

darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"

Nerval's Lobster writes "This year's Black Hat conference wasn't just about the NSA director defending his agency's surveillance practices (and getting a bit heckled in the process). Other topics included hacking iOS devices via a modified charging station, eavesdropping on smartphones via compromised femtocells, demonstrating a password-security testing tools that leverage AWS (and 9TB of rainbow tables) to crush weak passwords, and compromising RFID tags with impunity. What was your favorite news out of Black Hat?"

symbolset writes "While some might liken the deal to the Empire joining up with the Trade Federation, there may be some interesting outcomes for this one. On Monday Microsoft and Oracle are expected to announce a 'cloud" partnership'. Although the two companies often seem to be at odds, two of their founders — Bill Gates and Larry Ellison — are partners in charity in the 'giving pledge.' Is this the beginning of a beautiful friendship? 'Oracle is battling an image not of growing up, but of growing old. On Thursday the company announced lower than expected earnings, which it ascribed to a tough economy overseas. Cloud-based software grew well, but remains a small part of its overall revenue. The company also said it would raise its dividend and announced a big stock buyback, behaviors usually undertaken by tech companies when they begin to grow more slowly.'"

First time accepted submitter dougkfresh writes "Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey was prepared to test the state of security of the leading plugins." It does seem that Wordpress continues to be a particularly perilous piece of software to run. When popularity and unsafe languages collide.

David Coursey has spent a lot of his life as a journalist, specializing in IT coverage for most of it. He's written for ZDNet and eWeek, Forbes, and other well-known publications, and has had his stories linked from Slashdot more than a few times over the years. What he is not as well known for is his expertise as an EMT, a field he has been in as both a volunteer and professional since the rocks in California (where he lives) were still soft enough that the Flintstones used them as pillows. He and I were chatting on Facebook yesterday, and I realized that David's views on media coverage of the recent Boston Marathon bombings might be worth sharing. Do you think what he's saying is valid? Do you agree or disagree with him? Or some of each?

An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."

Several outlets are reporting, based on screenshots posted by Android Police that Google is (or "may be" — CNet calls the report "loosely sourced") about to introduce a lower-tech variant on its smartphone-based Google Wallet payment system. Instead of transferring payment information from an NFC-equipped phone, this would mean a physical payment card (like a conventional plastic credit or debit card), but one linked via Google's databanks to the user's existing bank or credit accounts. Upsides: less to carry, a simple way to suspend or cancel service on them (should the card be lost or stolen), and doesn't require you to carry your phone to make a credit or debit transaction — handy, since NFC readers are still thin on the ground. Downside: while perhaps no worse than putting the same information on your phone, it's one more step toward giving a third party all of your personal information in one place. A card that fits in a wallet probably makes a lot of sense: I live in a city with at least three pay-by-phone options in trials or fully available (CitiBank, Isis, and Google Wallet), but I can't buy ice cream or coffee with them yet. And there's no reason a card-shaped token couldn't use mag-stripes and NFC, too.

An anonymous reader writes "Salesforce.com CEO Marc Benioff is the latest to predict Windows 8 will be a disaster for Microsoft, but for a different reason than some others: he says that Windows is simply irrelevant in the new era of cloud computing and bring-your-own-devices (BYOD), which will become clear to corporate IT decision makers when they confront the upgrade decision. Of course, this conveniently dovetails with Salesforce's market position, so consider the source. Another interesting development is the growing rivalry between Benioff and his old boss Larry Ellison; Salesforce.com is a longtime Oracle shop, but they have just announced intentions to hire 40-50 PostgreSQL developers."

StormDriver writes "Firefox 15 has hit the Mozilla pre-beta Aurora channel, and it features a redesigned, built-in debugger." The original weblog post has more. Thanks to improved debugger internals in SpiderMonkey, supposedly code should run just as fast with debugging enabled as without (ever try loading Slashdot with firebug accidentally enabled?). There are also new tools for testing mobile layouts from the comfort of your workstation, and the debugger can attach to remote processes (Something Emacs users have enjoyed for years now, albeit in a hackish manner and without support for mobile Firefox).

Wayne Rash is a crusty old IT reporter who lives near Washington D.C. and covers a lot of Federal Government actions, especially those that have to do with technology, for several well-known publications. He did a lot of the original coverage of both the LightSquared debacle and AT&T's attempt to buy T-Mobile. Note the word "original" in there. An awful lot of today's online "news" stories quote other stories. Wayne is totally not a fan of that kind of "reporting," as you'll learn toward the end of this video. What he *does* respect is the old-fashioned way of gathering information: lots of research and digging.

Wayne Rash is a crusty old IT reporter who lives near Washington D.C. and covers a lot of Federal Government actions, especially those that have to do with technology, for several well-known publications. He did a lot of the original coverage of both the LightSquared debacle and AT&T's attempt to buy T-Mobile. Note the word "original" in there. An awful lot of today's online "news" stories quote other stories. Wayne is totally not a fan of that kind of "reporting," as you'll learn toward the end of this video. What he *does* respect is the old-fashioned way of gathering information: lots of research and digging.

With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"

SpuriousLogic writes with a preliminary ruling in the ITC case between Apple and Motorola. Quoting eWeek: "Motorola is celebrating an initial triumph over Apple, after a U.S. International Trade Commission administrative law judge issued an initial determination (PDF) finding that Motorola Mobility has not violated any of the three patents listed in an October 2010 lawsuit Apple filed against the Droid maker. ... The determination isn't the final say ... in March, the ruling will be reviewed by a six-member ITC panel that will announce the ultimate ruling. However, according to Zacks Equity Research, it's unusual for the ITC panel, which has the power to block device imports, to contradict a judge's determination."

New submitter fran6gagne writes "AT&T [Monday] notified customers of an effort by hackers to collect online account information. It is not believed that the perpetrators of this attack obtained access to sensitive information." eWeek's account has a bit more detail.

Hugh Pickens writes "Fahmida Y. Rashid reports that the Defense Advanced Research Projects Agency will fund new cyber-security proposals under the new Cyber-Fast Track project intended to cut red tape for hackers to apply for funding for projects that would help the Defense Department secure computer networks, says Peiter Zatko, a hacker known as Mudge who was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes and is now a program manager for the agency's information innovation office. Anything that could help the military will be considered, including bug-hunting exercises, commodity high-end computing and open software tools and projects with the potential to 'reduce attack surface areas, reverse current asymmetries' are of particular interest. Under the Cyber-Fast Track initiative, DARPA will fund between 20 to 100 projects annually. Open to anybody, researchers can pitch DARPA with ideas and have a project approved and funded within 14 days of the application."

An anonymous reader writes "Anonymous, as they have claimed they would, finally released 400 megabytes of files (NSFW language) allegedly stolen from ManTech, a cyber security firm contracted by the FBI. Anonymous stated, 'The FBI is outsourcing cybersecurity to the tune of nearly $100 million to a Washington-area managed services company. The deal shows a willingness in the federal government to place IT services more and more in the hands of third parties as agencies don't have enough staff on hand to do the job.'"

PybusJ writes "IBM has released an online HTML5 editing tool called Maqetta, hosted by the Dojo Foundation. eWeek calls it an open source answer to Flash and Silverlight. That remains to be seen, but it does look interesting."

jfruhlinger writes "Some months after leaving Oracle in a huff, father of Java James Gosling has joined Google. It's not clear what his job responsibilities will be there, but given some of his past statements about Google projects — that Android has no adult supervision, for instance — it will be interesting to see what develops."

Hugh Pickens writes "There was a time in the 1990s when Sun, at its wealthiest, was poised to buy Apple when it was at the lowest point in its storied history and now eWeek reports on how the deal for Sun to buy Apple fell through. 'Back in late 1995 early '96, when we were at our peak, we were literally hours away from buying Apple for about $5 to $6 a share,' says former Sun CEO Ed Zander. 'I don't know what we were going to do with it, but we were going to buy it.' Sun co-founder Scott McNealy adds that there was an investment banker on the Apple side who basically blocked it. 'He put so many terms into the deal that we couldn't afford to go do it.' Would there be iPhones, iPads and iPods on the market today if Sun Microsystems had been able to close a deal to buy out Apple in the mid-1990s? No, says McNealy. 'If we had bought Apple, there wouldn't have been iPods or iPads ... I'd have screwed that up.'"

An anonymous reader writes "Google leaves no stone unturned in its defense against Oracle's patent and copyright infringement allegations. eWEEK reports on the latest development: Google has asked the USPTO to reexamine four of the seven patents asserted by Oracle. Patent watcher and skeptic Florian Mueller believes 'the world would be a better place without those virtual machine patents,' which he considers excessively broad and not really technical inventions. He also reports on a Google letter to the court, asking for permission to file a motion to throw out Oracle's copyright infringement allegations as soon as possible, without further discovery."

pjfontillas writes "Yusuf Mehdi, Senior Vice President of Microsoft's Online Audience Business Group, recently announced, 'One of the principles we have here at Bing is to constantly experiment and learn. We do this to ensure we are keeping pace with new social and technology trends, and can continue to deliver great value for our customers and advertisers. As part of this "test-and-learn" mentality, we will be retiring the Bing cashback feature, which means that the last day you can earn cashback will be July 30, 2010.' From the look of the comments, Microsoft has at least 35 saddened users. eWeek does a follow-up attempting to explain the situation in more detail."

Pickens writes "eWeek reports that Microsoft has announced it will pay $200 million to settle a patent-infringement suit against it by VirnetX, which alleged that the software giant infringed on its patents related to communications, virtualization and collaboration technology. This payment represents a substantial markup from the $105.7 million that a Texas jury awarded in March when it found that Microsoft had infringed on two US patents held by VirnetX. Microsoft will license VirnetX technology for its own products. 'We believe that this successful resolution of our litigation with Microsoft will allow us to focus on the upcoming pilot system that will showcase VirnetX's automatic Virtual Private Network technology,' says Kendall Larsen, VirnetX Holding Corp.'s CEO. East Texas courts have a reputation as a good place to pursue intellectual property suits against larger corporations. While many of these cases seem to be settled out of court — or dismissed as totally frivolous — recent lawsuits such as those leveled by i4i and VirnetX are notable for at least extending to the Big Judgment phase."

Hugh Pickens writes "For years Google has been pitching migrations from Microsoft Office to Google Docs, arguing that Docs makes Office 2003 and 2007 better because users can store Microsoft Office documents in Google's cloud and share them in their original format. Now eWeek reports that Alex Payne, director of Microsoft's online product management team, says that moving files created with Office to Google Docs results in the loss of data fidelity, including the loss of such data components as charts, styles, watermarks, fonts, tracked changes, and SmartArt. 'They are claiming that an organization can use both seamlessly,' Payne writes. 'This just isn't the case.' Meanwhile, Google defended its original 'Docs makes Office better' in a statement, noting that it has made a lot of improvements to the web editors in Docs with its recent refresh, and promising that functionality will only get better as Google integrates the DocVerse assets into Docs. 'It says a lot about Microsoft's approach to customer lock-in that the company touts its proprietary document formats, which only Microsoft software can render with true fidelity, as the reason to avoid using other products,' says a Google spokesperson."

Hugh Pickens writes "For years Google has been pitching migrations from Microsoft Office to Google Docs, arguing that Docs makes Office 2003 and 2007 better because users can store Microsoft Office documents in Google's cloud and share them in their original format. Now eWeek reports that Alex Payne, director of Microsoft's online product management team, says that moving files created with Office to Google Docs results in the loss of data fidelity, including the loss of such data components as charts, styles, watermarks, fonts, tracked changes, and SmartArt. 'They are claiming that an organization can use both seamlessly,' Payne writes. 'This just isn't the case.' Meanwhile, Google defended its original 'Docs makes Office better' in a statement, noting that it has made a lot of improvements to the web editors in Docs with its recent refresh, and promising that functionality will only get better as Google integrates the DocVerse assets into Docs. 'It says a lot about Microsoft's approach to customer lock-in that the company touts its proprietary document formats, which only Microsoft software can render with true fidelity, as the reason to avoid using other products,' says a Google spokesperson."

A recent post up at TechCrunch claims that HP's "Slate" tablet has been canceled. Officials details for the tablet were limited, though a leaked internal presentation indicated it had an 8.9" screen, a 1.6GHz Atom processor, and ran on Windows 7. Some are now speculating that HP may experiment with porting WebOS to a similar device. Quoting: "Will WebOS emerge as a successful operating system for tablet devices? That seems very unlikely given the dominance of the closed Apple OS and the likely success of the open Android and Chrome operating systems from Google. To get traction from third-party developers with WebOS, HP will need to sell a lot of units. And it's not clear what they'd gain from all that effort, anyway. HP knows how to build and sell hardware, not operating systems."

Hugh Pickens writes "eWeek reports that the data Apple collects about users from its iPhone is so valuable that the company may build its own iPhone-centric search engine just to keep Google from gleaning insight from that data. 'The data generated on the iPhone OS platform must become an increasing priority for Apple and we believe the company has the resources to develop its own products in both maps and search in the next five years,' writes analyst Gene Munster. Google is currently the default search engine on the iPhone, but Google has increasingly encroached on Apple's mobile turf, offering the Android operating system and several mobile applications. As the search provider for the iPhone, Google sees what iPhone users are searching for, which can help it tailor software and services for its own mobile smartphones — a competitive advantage that has not gone unnoticed by Apple. Apple lacks the experience and engineering wherewithal to build a large, scalable search engine, but Munster says Apple could buy a search startup with a Web index, such as Cuil or Taptu, and use its index as the seed for its own search engine. 'Apple is in an inside position to tap into the current pent-up demand for better mobile search, and add a new competitive differentiation from other search providers and device makers,' adds IDC analyst Hadley Reynolds."

Art3x writes "When developing search engine technology, Microsoft focused on returning good results for popular queries but ignored the minor ones. 'It turned out the long tail was much more important,' said Bing's Yusuf Mehdi. 'One-third of queries that show up on Bing, it's the first time we've ever seen that query.' Yet the long tail is what makes most of Google's money. Microsoft is so far behind now that they won't crush Google, but they hope to live side by side, with Bing specializing in transactions like plane tickets, said Bing Director Stefan Weitz."

Art3x writes "When developing search engine technology, Microsoft focused on returning good results for popular queries but ignored the minor ones. 'It turned out the long tail was much more important,' said Bing's Yusuf Mehdi. 'One-third of queries that show up on Bing, it's the first time we've ever seen that query.' Yet the long tail is what makes most of Google's money. Microsoft is so far behind now that they won't crush Google, but they hope to live side by side, with Bing specializing in transactions like plane tickets, said Bing Director Stefan Weitz."

After the FTC sent letters to 100 organizations warning them that their data is being leaked on P2P networks — and now has requested detailed operational data from at least a subset of those organizations — it was pretty likely that anti-P2P legislation would get proposed. Two senators have introduced the P2P Cyber Protection and Informed User Act, which "...would prohibit peer-to-peer file-sharing programs from being installed without the informed consent of the authorized computer user. The legislation would also prohibit P2P software that would prevent the authorized user from blocking the installation of a P2P file-sharing program and/or disabling or removing any P2P file-sharing program. Software developers would be required to clearly inform users when their files are made available to other peer-to-peer users under legislation introduced Feb. 24 by Sens. Amy Klobuchar, D-Minn., and John Thune, R-S.D."

Curlsman informs us that the first beta of Ruby on Rails 3.0 has been released (release notes here). Rails founder David Heinemeier Hansson blogged that RoR 3.0 "feels lighter, more agile, and easier to understand." This release is the first the Merb team has participated in. Merb is a model-view-controller framework written in Ruby, and they joined the RoR development effort over a year ago. Reader Curlsman asks, "So, is version 3 of RoR going to be a big deal, more of the same (good or bad), or just churning technology?"

viralMeme writes "According to the Register, 'Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.' One of the researchers said, 'After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications.' Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms. Or, as some pen-pusher would put it in a report: an unantipicated security excursion.

Several sources have shared the news that "Google Goggles," publicly known as Google Visual Search, will be "coming soon" to an Android phone near you. Rather than typing in the search term, you will be able to just take a picture with your phone and search results will be returned. The new search was recently featured on CNBC's "Inside the Mind of Google." Unfortunately Goggles didn't pass muster with a recent focus group, so it could be a while before Google decides this is ready to hit the streets.

An anonymous reader writes "Web annotation startup ReframeIt claim Google copied their web annotation product when releasing Google Sidewiki. At first glance, the products do look quite similar, and this eWeek article has some interesting evidence, including suspicious user registrations by Google employees and an attempt by Google to hire off ReframeIt's lead engineer."

Over the past few weeks, the cellphone industry has been criticized on a variety of subjects, from distracted driving to handset exclusivity deals to everything else that's shady within the industry. Verizon's CEO has now responded, addressing what he claims are "myths" about standard practices. Reader DJRumpy points out that the chairman of the Senate Subcommittee on Antitrust, Competition Policy and Consumer Rights has been calling for an investigation into whether competition is being stifled through many of these practices, "including possible text messaging price fixing and questionable roaming arrangements." Apparently the new antitrust chief is hitting resistance from within the government over the aggressive inquiries into this and other major industries. However, a small victory was achieved the other day when the National Telecommunications and Information Administration "told incumbent carriers that they'll have to prove their cases just like everyone else if they want to challenge broadband grant proposals from smaller players." There is also legislation in the works that would require states to impose a ban on text messaging while driving or lose a significant portion of their federal highway funding.

Time Warner's recently announced plan to expand their broadband transfer caps to new markets drew heavy criticism, which prompted their attempt to smooth things over with a ridiculously expensive "unlimited" plan. That wasn't enough for New York Representative Eric Massa, who now says he will draft legislation to "curb tiers, particularly in areas where a broadband provider owns a monopoly on service." Massa said, "Time Warner believes they can do this in Rochester, NY; Greensboro, NC; and Austin and San Antonio, Texas, and it's almost certainly just a matter of time before they attempt to overcharge all of their customers," adding, "I believe safeguards must be put in place when a business has a monopoly on a specific region."