Slashdot Mirror

UmmRa points out his discussion of four flash-card programs for language learning, excerpting "As someone who has learned three dead languages in the past six years (Latin, Egyptian, and Akkadian) I have had my share of experience with language software....If there is one thing I have learned from the experience, it is that no program is a panacea. Until we all have Matrix-esque jacks at the base of our skulls, learning a language will be a process that requires some amount of work and time. However that does not mean there isn't cheap (or free!) software out there to greatly simplify the process." None of the program compared are free (or Free), though two are shareware; two of them are for Windows only, one is Mac-only, and the other is "Java based, so it can operate on any platform." Update: 03/21 02:34 GMT by T : The actual link got dropped -- my fault -- in editing this post; now fixed.

andy753421 links to today's announcement of the official release of KDE 3.4, and writes "Several KDE 3.4 based distributions such as ArkLinux and Kubuntu are soon to follow. Features in the release include built in Text to Speech, a revamped trash system, enhanced PDF support and PC to PC synchronization, as well as a new theme. KDE 3.4 weights in at 6,500+ bug fixes, 1,700+ enhancements, and a grand total of 80,000+ contributions." Reader gotr00t adds a link to the KDE download mirror page . Update: 03/16 20:58 GMT by T : mrevell points out an interview with KDE hacker Aaron Seigo in the latest LugRadio, in which Seigo "dispels various myths about KDE and talks about the desktop environment's future."

theodp writes "Can't get enough pictures of dogs' noses? Circular objects framed within squares? Newsweek reports on photo-sharing sites and picture blogs, where amateur shutterbugs looking to share their passions with the world happily blast their photos out to millions of people. Fotolog CEO Adam Seifer, who posts a picture of every meal he eats on Get In My Belly!, calls the Fotolog-Flickr-HeyPix-Smugmug phenomenon 'a million reality TV shows, only without the pain and humiliation.'" Update: 03/14 07:09 GMT by T : Reader onethumb points out an important aspect of such sites: "The new breed of photo-sharing services expose their APIs for geeks everywhere to enjoy. Both Flickr and Smugmug have growing APIs with thriving communities around them. Write your own photo-sharing application, sister web service, or software toy today!" (Here's a link to Flicker's API, and one to smugmug's.)

tod_miller writes "Google has changed its definitions link from dictionary.com to answers.com. A google search for juxtaposition shows the effect. What is interesting is that answers.com pulls information from wikipedia.org, which was provided bandwidth by google.com [and now Google is providing a service that will be used worldwide to pull information off Wikipedia]. Aside from having both a dictionary.com and a wikipedia.org search box in FireFox (as well as Google) the definition link on Google is still useful and I regularly check it for obscure uses or exact definitions of words. Now it uses answers.com we do not get all the different forms of the word, but we do get any medical or wikipedic information. Interestingly, answers.com does not use Google AdSense, but commission junction that looks like it. There is no announcement yet from Google of their change." This change took place several weeks ago, as players of e-scrabble and other compulsive word-checkers might have noticed. Update: 03/13 23:20 GMT by T : (Also mentioned in passing last month.) Update: 03/14 02:13 GMT by T : Brion Vibber writes: "Google does *not* provide any bandwidth to Wikipedia at this time, except in the sense that they 'use up' our bandwidth when people using their search engine come to our site. ;)"

tod_miller writes "Google has changed its definitions link from dictionary.com to answers.com. A google search for juxtaposition shows the effect. What is interesting is that answers.com pulls information from wikipedia.org, which was provided bandwidth by google.com [and now Google is providing a service that will be used worldwide to pull information off Wikipedia]. Aside from having both a dictionary.com and a wikipedia.org search box in FireFox (as well as Google) the definition link on Google is still useful and I regularly check it for obscure uses or exact definitions of words. Now it uses answers.com we do not get all the different forms of the word, but we do get any medical or wikipedic information. Interestingly, answers.com does not use Google AdSense, but commission junction that looks like it. There is no announcement yet from Google of their change." This change took place several weeks ago, as players of e-scrabble and other compulsive word-checkers might have noticed. Update: 03/13 23:20 GMT by T : (Also mentioned in passing last month.) Update: 03/14 02:13 GMT by T : Brion Vibber writes: "Google does *not* provide any bandwidth to Wikipedia at this time, except in the sense that they 'use up' our bandwidth when people using their search engine come to our site. ;)"

nazarijo writes "You can usually tell someone who's been writing a lot of code by how they write code. That may sound like a tautology, but it's got a deeper meaning than that. What editor they use, what idioms they use to avoid common pitfalls, and what organization patterns they employ all tell you what kind of programmer you're meeting. When you first start writing code, so many things are inconsistent and just plain wrong that it's almost embarrassing. I know that when I look over older code that I've written I feel sheepish about it. But how do you grow as a programmer, and what really makes a good programmer beyond language familiarity?" Read on for Nazario's review of Code Reading: The Open Source Perspective, a book which attempts to instill deeper knowledge about programming than just "knowing how." Code Reading: The Open Source Perspective author Diomidis Spinellis pages 499 publisher Addison-Weslet Longman rating 7 reviewer Jose Nazario ISBN 0201799405 summary A tour of large-scale development projects from code to organization

A few books are tackling this subject, including Coder to Developer and Programming Language Pragmatics. These books don't teach you much about a particular language in the way that an introductory text would. Instead, you grow as a skilled developer by studying them and learning from them. That's one of the key things that people are talking about lately, that to be a strong developer requires more than a working knowledge of a language. It requires a familiarity with the strengths, weaknesses, and core features of a language and the base libraries to be efficient.

Code Reading: The Open Source Perspective is one of these books in this small but growing library. In it, Diomidis Spinellis takes you through a large body of code and focuses on several languages, techniques, and facets of development that differentiate strong developers from weak ones. What I like about this book is how much it covers, how practical the information is, and how much Spinellis teaches you. You wont learn a language, which is the complaint of some people who read this book, but if you know one or two you'll be a better programmer.

Perhaps one of the most telling things about the book is that it draws heavily from NetBSD source code, and features over 600 examples to make the point. Examples are often annotated using NetBSD as a reference. This makes sense, because NetBSD is a large project that's relatively stable and mature. Everything from how to define a C structure consistently and sanely to UML diagrams and build systems are covered, making this truly a developer's book. However, even Windows and Mac OS X developers will benefit, despite the BSD focus.

Chapter 1 introduces some of the basic tenets of the book, namely that code is literature and should be read as such. All too often people only read code when they have a specific problem to solve or want to get an example of an API. Instead, if you read code frequently you'll always be learning things and improving your skills. Also, Spinellis discusses the lifecycle of code (including its genesis, maintenance, and reuse), which simply must be taken into account if code is to be good. Poorly skilled developers forget these things and just slap it together, never thinking ahead.

In Chapter 2, a number of concepts basic to any programming language are covered, including the basic flow-control units common to many languages. The book focuses on C, with additional coverage given using C++, Java, and a few other things thrown in for good measure. As such, these chapters -- in fact the whole book -- focuses on concepts common to these languages but absent in some other languages, like Scheme or LISP. One neat section is called "refactoring in the small." It illustrates the real value of the book nicely, in showing you various ways to organize your code and your thoughts for various effects. Oftentimes a book will only teach you one way (which doesn't always suit your needs), and Spinellis' examples do a nice job of escaping that trap, not just here but throughout the book.

Chapter 3, "Advanced C Data Types," focuses on some language-specific matters. These are pointers, structures, unions and dynamic memory allocation, things that most people who code in C may use but only some truly understand well. Again, a somewhat basic chapter, but useful nonetheless. Make sure you read it; chances are you'll learn a thing or two.

In Chapter 4, some basic data structures (vectors, matrices, stacks, queues, maps and hash tables, sets, lists, trees and graphs) are covered. This is an important chapter since it helps you see these structure in real-world use and also helps you understand when to chose one structure over another. While Knuth, CLRS, or other algorithms and data structures texts cover these, they often do so in isolation and at a theoretical level. While their coverage is short, it's to the point and usable by anyone with a modest understanding of C.

Chapter 5, "Advanced Control Flow," the last chapter that deals with actual programming information, is another useful one. Again, short but to the point, this chapter covers things like recursion, exceptions, parallelism, and signals, all topics that have warranted their own books (or major sections in other books) but which are covered in a single chapter here. Still, seeing them side-by-side and in the context of each other and in real-world use provides some justification for the compact presentation.

The remaining chapters of the book go well beyond a normal programming book and focus on projects. These chapters complement the first bunch nicely by focusing on the organization of your code and projects. Chapter 6 deals specifically with many of the commonly identified (but rarely taught) things like design techniques, project organization, build processes, revision control, and testing. A number of things that aren't covered include defining and managing requirements for a release and their specifications, basics on how to use autoconf and automake, and instead rips through a whole slew of topics quite quickly.

Chapter 7 is sure to be controversial for some people: it covers "Coding Standards and Conventions." Some people seem to be big fans of the "if it feels good, do it" style of programming, and instead of writing sane, usable code, what they produce is buggy and messy. This chapter teaches you tried and tested methods of naming files, indentation (and how to do so consistently using your editor to help), formatting, naming conventions (for variables, functions, and classes), as well as standards and processes. The style and standards are (as you would expect) based on NetBSD, which differ slightly from GNU and Linux standards, as well as commonly found Windows practices. However, I think you'll agree that the style is readable with minimal effort, and that goal, coupled to consistency, is paramount in any standard.

Chapter 8 introduces you to documentation, including the use of man pages, Doxygen, revision histories, and the like. Also included are hints at using diagrams for added value. One thing I don't like about this chapter is the opening quote, which sets a bad precedent. It blithely suggests that bad documentation is better than none, which is highly questionable. Misleading docs can be worse than no docs at all, since someone without docs will have to dig through the code in front of them to understand it. Someone with bad docs will rely on the docs and wonder what's broken when things go awry.

Chapter 9 focuses on code architecture, such as class hierarchies, module organization, and even core features like frameworks to chose. This chapter covers a lot of material, and is, despite its size, simply too terse on many of these subjects. It serves as a decent introduction, but doesn't go very far in some places, considering the importance of the material. However, like much of the book, it's a good introduction to the topics at hand.

Chapter 10 also features a lot of good things to know. Granted, you could pick them all up with a lot of hard work and scouring for information, but it's easier to have them presented to you in a cohesive format. The chapter discusses code reading tools, things that you use to help you dig around a large body of code. One you get over a few source files, even if you have well-organized code and interfaces, many changes can require that you inspect the data path. You can do this manually, or you can be assisted with tools. Tools like regular expressions, grep, your editor -- Spinellis shows you how to make use of all of them when you write code. A lot of tools I've never used (but have heard about) are featured, and their use is demonstrated, but of course many tools are simply ignored, focusing on popular ones that will work for most people.

Finally, all of the above is brought together in Chapter 11, "A Complete Example." A small tour of a large, complex piece of code is taken (34,000 lines of Java) as the author makes changes. It's unfortunately in Java, when so much of the book focused on C (why couldn't they have been consistent examples?), but it works. The example itself could have covered a few more things, such as a proper JUnit example, but overall I'm pleased with it.

Overall, Code Reading: The Open Source Perspective is ambitious and worthwhile, both as a complement to a bookshelf of study that includes The Practice of Programming and Design Patterns, and to someone who is growing tired of books on learning a language. At times it feels like the author promised more than he wound up delivering, but it serves as an introduction to a large number of topics. You wont learn a language, and you wont be able to get as much out of the book if you don't engage it with practice, but it's a useful book to get started on the road from being someone who knows a language or two to someone who is a developer, ready to contribute to a team and work on large projects. Never underestimate the skills required to be a good developer, because they go well beyond knowing how to use a language.

You can purchase Code Reading: The Open Source Perspective from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo (Jose Nazario) writes "With regulatory compliance hanging over so many peoples' heads (GLBA, SOX, HIPAA, etc), information security and related fields have taken on a new twist in recent years. To that end, a number of people are looking at formal evaluation methods like OCTAVE to help guide them through the tricky world of audits. It's a sensible move, too, because you want something documented, thorough, and demonstrable when it comes to an audit, and preferably something objective. The book Managing Information Security Risks: The OCTAVE Approach by Christopher Alberts and Audrey Dorofee is intended to help you fill this need." Read on for the rest of Nazario's review. Managing Information Security Risks: The OCTAVE Approach author Christopher Alberts and Audrey Dorofee. pages 471 publisher Addison-Wesley Longman rating 5 reviewer Jose Nazario ISBN 0321118863 summary An introduction to information security risk management using the OCTAVE method

Authors Alberts and Dorofee are the principal developers of OCTAVE and are staff members at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU), where CERT has offices. As such, they're the right people to describe OCTAVE. The CERT OCTAVE website area explains the process in more detail. Needless to say, OCTAVE is a very large, complex, heavy process for an organization to go through, with some arguable benefits. Very few organizations have done so to the best of my knowledge -- most of them are scared off by the complexity of the whole undertaking.

This brings up a very important point. It's important to state the difference between a critique of the OCTAVE method and the book itself. OCTAVE is interesting in that it's an attempt to formalize the complex process of information security evaluations. Despite its shortcomings and turnoffs, it has a purpose, and I wont dispute it for the most part. The book, instead, covers an abbreviated format of OCTAVE. It's important to focus on the strengths and weaknesses of the book and not the topic.

The books is organized into three main parts. Part 1 (covering chapters 1 and 2) is an introduction to the principles being discussed in the book. The method itself, and therefore these chapters, focus on a formal evaluation of information security risks and how to manage them. The principles focus on enumeration of assets, their threats and vulnerabilities, and then remediation of the threats to minimize the risk. The section introduces the core concepts to this philosophy.

Part 2 of the book, covering chapters 3 through 11, server two main purposes, preparation and then execution of the method. Chapter 3 introduces the fundamentals of the OCTAVE method, specifically how the three phases (asset-based threat profiles, vulnerability identification, and security strategy planning) fit together. The inputs of the method and its outputs are then described; you'll be using them in later chapters. Chapter 4 helps you prepare for the approach in your organization, including how important it is to get management buy-in, who will participate, and how to organize the evaluation. Project managers will adore this chapter.

The next few chapters cover the meat of the OCTAVE method. Chapter 5 covers processes 1 to 3, where assets are enumerated and the current state of the security profile is captured, as well. This step is crucial for building a baseline and knowing what you'll have to cover. Chapter 6 leads you through the threat profile, where you examine assets that you've identified as critical and the security requirements for them. And finally, in Chapter 7, the basic identification steps are done as you identify critical infrastructure components to examine later on. This is done so that you can work efficiently, as opposed to studying every asset in depth. By studying classes of assets you can (hopefully) achieve the same coverage without spending valuable time repeating the process.

Chapters 8 and 9 deal with the commonly understood parts, the actual vulnerability and risk analysis. Chapter 8 discusses vulnerability assessment tools and some basic questions to ask about them, but leaves the actual evaluation of those tools up to another text. Chapter 9 then helps you undertake the actual risk analysis, such as the impact of any threat being realized or the probability that one would be encountered. This is what most people think of when they think of an information security audit.

This gets to what is perhaps my biggest complaint about the book. It doesn't teach you how to think creatively about threats to information security. Instead, you're told to enumerate assets and threats against them via brainstorming, as though you'll somehow "get it" the first time (or every time). For someone new to the field, this can be hard, because not all assets are obvious -- and not all threats are understood. It's a hard skillset to teach, but it should have been attempted with more gusto.

Chapters 10 and 11 close the big circle of an information security audit, by developing an information security protection strategy. It's basically a series of outlines of meetings and their agendas as you present the findings of the evaluation but are (obviously) vague in the absence of any concrete findings.

This is probably a good time to raise another objection to this book. My second biggest complaint is that the authors never cut to the heart of what the OCTAVE method is trying to do. Sure, the book covers a stripped-down version of OCTAVE, but it doesn't ever get at how you can really adapt this to your organization. Instead, it's a series of rigid steps in the OCTAVE method. If you attempt to do something different for whatever reason, you're on your own. Again, an attempt to work in some flexibility beyond what is present in Chapter 12 (An Introduction to Tailoring OCTAVE, the start of part 3) would have been welcome. This chapter just keeps you inside the narrow confines of the OCTAVE approach.

Chapter 13 attempts to bring this home by discussing the practical applications for an organization. They attempt to discuss how a small company would utilize OCTAVE, but to be honest it's so heavy and time-consuming it's hard to see how they would employ anything but the barest of concepts to their workflow. Three other examples are given: a very large distributed organization, an integrated Web portal service provider (which faces unique threats), and large and small organizations. Again, while this chapter attempts to show how to tailor OCTAVE to anything but the largest and most diligently staffed of organizations, it falls to get to the salient points of the method. Instead, it tries to foist the process on them.

Finally, chapter 14 tries to bring it all home and discuss the information security life cycle of analysis, monitoring, control, and implementation (not in that order). They hope that OCTAVE has become a part of this process and show how it complements and matures this process. Instead, I wonder if an organization will think about the effort they just expended and be reluctant to do this again. The appendices are piles of worksheets, charts and workflows to go through with OCTAVE. You can make photocopies and use them if you implement the OCTAVE approach. It's very hard to take consider these methods strong enough when you read about the report card government agencies received for information security. While they may have not been following OCTAVE, it's hard to see how a book that so superficially treats the subject matter can help anyone do better. Almost everything is just a high-level line-item risk-and-mitigation strategy. Things like "Our organization cannot deliver effective or efficient health care without PIDS" and an impact of "High" are, to put it mildly, interesting in their superficiality. So many things are simply glossed over, yet so many worksheets remain. On the other hand, if a fair treatment of threats, assets, and the like were fully discussed the book would be many more volumes, a significantly more tedious tome, and too sensitive to the shifting sands of time.

Overall the book does a decent job of covering OCTAVE's core premises, but doesn't really provide much beyond that. It's a complex process that doesn't work well for a number of organizations. Instead of helping organizations see how to use it, the authors simply keep presenting OCTAVE for what it is, which makes me question the value of this book beyond someone who has already decided to implement OCTAVE. It doesn't seem like it has a lot to offer anyone who doesn't have a large body of knowledge in information security management and a staff to deploy with worksheets in hand. The book simply fails to contribute greatly beyond the very narrow specifics of OCTAVE.

You can purchase Managing Information Security Risks: The OCTAVE Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

mpesce writes "New Scientist is reporting that a large sea of frozen ice (between 800 and 900 km in size and 45 m deep) has been discovered by the ESA's Mars Express Probe. Here's the kicker: the sea of block ice is only five degrees away from the Martian equator. New Scientist also links to a PDF of a paper to be presented next month about the finding." Update: 02/21 15:30 GMT by T : Note: that's 45 meters deep, not 45 kilometers deep.

An anonymous reader submits "Zophar's Domain is reporting that the CEO of commerical multi-arcade kit seller UltraCade has applied to trademark the name and logo of the ubiquitous open-source multi-arcade emulator MAME and is planning to sue MAME's authors." Update: 02/21 13:26 GMT by T : UltraCade Technologies CEO David R. Foley contacted Slashdot with an emailed explanation of the filing, reproduced below at his request. Update: 02/21 18:16 GMT by T : Please note that Foley's email specifically states that "There have been no lawsuits filed against any of the M.A.M.E. authors, and there have been no claims towards the open source engine, nor will there be."

"Subject: I would hope that you post this to correct your misstated comments on slash dot
Date: Mon, 21 Feb 2005 01:27:43 -0800

Like most things that are spread by rumor, the facts about me, UltraCade Technologies, and the M.A.M.E. emulation system are quite distorted. I will try and educate anyone who cares to listen about the reality of our marketplace and what we are doing and what we are not. Simply put, we are making an effort to stamp out the commercial sales of M.A.M.E. based systems that advertise the ability to play thousands of games while relying on the customer to obtain the ROMs which can not legally be obtained. What we are not doing is trying to claim ownership of the M.A.M.E. open source emulator or sue its authors. We are concerned about the commercial marketplace, and not the readers of the many M.A.M.E. user groups and forums.

I have been working on emulation technology since the mid 80's when I did work on an emulation project in college. In 1994, while working on games for companies like Sega and Williams, we developed an emulation of the arcade games Joust, Defender and Robotron that ran on a Sega Genesis. In 1996, we started the Lucky 8 project which turned into the UltraCade project. In 1998 we were one of the first companies to acquire the rights to classic arcade games from various publishers. We have licensed games from several manufacturers including Capcom, Jaleco, Taito, Stern, Incredible Technologies, Midway, Atari and more. We have started several projects and built prototypes for companies like Sega, based on technology that was licensed from authors from the emulation community. We have licensed technology from many of the communities programmers, paying them to use their code in our products and demonstrations. We have been the leader of the retro arcade movement, and have invested millions of dollars creating a market for retro games. UltraCade was the first successful multi-game arcade machine combining many of the old classics. We further enhanced the market by creating Arcade Legends, our consumer version of the UltraCade product. We have also paid hundreds of thousands of dollars in licensing fees to have the right to sell our games.

In the past couple of years, there has been a huge wave of resellers competing with our UltraCade and Arcade Legends products. They build a similar style cabinet, install a PC in the machine, load M.A.M.E., and sell it for a very low price. Lower than we could ever offer our machines for sale. How? Quite Simple. They profit by stealing others work. If you look at the web sites, and read the eBay ads they offer machines that "Play over 4,000 Classic Arcade Games" They then try and skirt the law by pretending that they are not promoting piracy of these same 4,000 games with statements like "we don't load the ROMs" but of course, almost all of them do. The others that don't, they provide you with an instruction sheet with a link to several web sites where you can illegally download the ROMs, or provide you with the contact information for a CD/DVD duplication house that will sell you a set of ROMs for all 4,000 games for less than $200. Would anyone really buy this arcade machine if they knew that there was no legal way for them to run over 99% of the games that they were promised, I don't think so, and if you really look at this without emotion, I'm sure you would agree. These companies are simply selling the promise of thousands of games on a machine that can not possibly run them legally. I sometimes hear the argument, "well, I could go on eBay and buy up all of these games and then run it", and while plausible, it certainly would not be anywhere near cost effective, and again, if the customer knew that to legally operate these games, they have to spend thousands of dollars buying legal ROMs I seriously doubt that they would consider purchasing a M.A.M.E. machine. Anyone reading this email thread is an intelligent person, and if they put emotions aside, they will realize that what we are saying about selling M.A.M.E. machines and the promise of getting 4,000 games for the average consumer can't possibly happen. Unlike most of you reading this, the average consumer looking to buy a machine for their game room has no idea how emulation works, or what is legal and illegal to do. To them, they read an advertisement on a website or on eBay and compare our product with 50 games or an ad for a machine that promises thousands of games, with the promise of instructions about how to obtain those games. Of course, in this skewed environment the average consumer would gravitate towards the thousands of games machine, not realizing that the software and the games are unlicensed and illegal to play. Most consumers who are pointed at a web site selling a 7 DVD set of ROMs have no idea that this is an act of piracy, they were simply instructed to do this by the person selling them their arcade cabinet, and told this is how you get the games.

Now that we have attempted to take legal recourse to prevent illegal competition, the same people, who steal the work of the M.A.M.E. authors, and then profit by selling machines that have no value without the pirated games being made available, turn around and cry foul when we call them on their ways. They run to the M.A.M.E. discussion forums and spread rumors about UltraCade suing the authors of M.A.M.E. or stealing the M.A.M.E. engine. I'm amazed at the response of the community, a community that is being whipped into action by the same people who are stealing and profiting from them and they're efforts. Many people have reacted with hate mail without even considering to look at the facts of the situation, or to realize who is spreading the rumors. They are being spread by those who wish to profit by selling unlicensed games.

The simple fact is that we are attempting to stop the tide of illegal arcade machines, and the promotion of unlicensed games. The M.A.M.E. platform, while a technical marvel, consists of many violations of copyrights and trademarks. The authors have always stated in the documentation that it was not put into the public domain to steal from the game authors or publishers, and they have always been hands off about how to obtain the ROMs. They have also clearly stated that it is not to be used for commercial gains. A majority of the publishers who own the copyrighted material have not paid much attention to this marketplace, as until recently it has not had a huge commercial impact. But now, there are websites and eBay sellers selling machines that directly compete with legitimate publishers like us who publish games from Capcom, Taito, Midway, Atari and others, or publishers like Namco that publish Ms. Pac-Man/Galaga or the Donkey Kong/Mario Bros. machines.

Of the many thousands of games that M.A.M.E. supports, only a minute fraction of them can legally be played on a M.A.M.E. equipped machine, and many can not. There are many fallacies about the legality of owning ROMs and how you can play the game. Many people claim that they have a board set and therefore they can download as many ROMs as they like. The law is very strict. You can transfer the image from the actual original ROM chips, which you legally own, to another piece of hardware, provided that you actually transfer the code from the chips. Just having a board sitting around, and saying I have the right to play it is not the case. Many people point to StarROMs and say that they can then sell the games with the ROMs installed. This is not the case either. StarROMs license prohibits the resale of the game licenses, and only the end user can purchase these ROM images, resellers can not. Our market is further plagued by the rash of 4 in 1, 9 in 1, 24 in 1 39 in 1 and the new 300 in 1 "multicade" boards. These boards come from Taiwan and Hong Kong and contain illegal copies of the ROMs of several games.

This is a complex case amongst companies that are trying to make it about UltraCade stealing something from the M.A.M.E. team. That is not what this is about. This is simply UltraCade Technologies and other publishers doing whatever it takes to protect our commercial interests and prevent other companies from stealing our market by capitalizing on unlicensed games and selling products that only have value when coupled with illegally obtained games. Our application towards a trademark is to simply prevent anyone from commercially marketing an illegal product, nothing more. There have been no lawsuits filed against any of the M.A.M.E. authors, and there have been no claims towards the open source engine, nor will there be We are simply protecting our commercial market, and nothing more. We have no interest in the hobby community. We have no interest in the open source project. Our goal is to simply stop the rampant piracy in our marketplace, and we will use every means at our disposal to do so.

I welcome open discussions about this situation, and will respond to legitimate communications or questions.

-David R. Foley

---------------------------------------------------------------------------- ---------------------------------------------------------

David R. Foley
UltraCade Technologies"

An anonymous reader submits "Zophar's Domain is reporting that the CEO of commerical multi-arcade kit seller UltraCade has applied to trademark the name and logo of the ubiquitous open-source multi-arcade emulator MAME and is planning to sue MAME's authors." Update: 02/21 13:26 GMT by T : UltraCade Technologies CEO David R. Foley contacted Slashdot with an emailed explanation of the filing, reproduced below at his request. Update: 02/21 18:16 GMT by T : Please note that Foley's email specifically states that "There have been no lawsuits filed against any of the M.A.M.E. authors, and there have been no claims towards the open source engine, nor will there be."

"Subject: I would hope that you post this to correct your misstated comments on slash dot
Date: Mon, 21 Feb 2005 01:27:43 -0800

Like most things that are spread by rumor, the facts about me, UltraCade Technologies, and the M.A.M.E. emulation system are quite distorted. I will try and educate anyone who cares to listen about the reality of our marketplace and what we are doing and what we are not. Simply put, we are making an effort to stamp out the commercial sales of M.A.M.E. based systems that advertise the ability to play thousands of games while relying on the customer to obtain the ROMs which can not legally be obtained. What we are not doing is trying to claim ownership of the M.A.M.E. open source emulator or sue its authors. We are concerned about the commercial marketplace, and not the readers of the many M.A.M.E. user groups and forums.

I have been working on emulation technology since the mid 80's when I did work on an emulation project in college. In 1994, while working on games for companies like Sega and Williams, we developed an emulation of the arcade games Joust, Defender and Robotron that ran on a Sega Genesis. In 1996, we started the Lucky 8 project which turned into the UltraCade project. In 1998 we were one of the first companies to acquire the rights to classic arcade games from various publishers. We have licensed games from several manufacturers including Capcom, Jaleco, Taito, Stern, Incredible Technologies, Midway, Atari and more. We have started several projects and built prototypes for companies like Sega, based on technology that was licensed from authors from the emulation community. We have licensed technology from many of the communities programmers, paying them to use their code in our products and demonstrations. We have been the leader of the retro arcade movement, and have invested millions of dollars creating a market for retro games. UltraCade was the first successful multi-game arcade machine combining many of the old classics. We further enhanced the market by creating Arcade Legends, our consumer version of the UltraCade product. We have also paid hundreds of thousands of dollars in licensing fees to have the right to sell our games.

In the past couple of years, there has been a huge wave of resellers competing with our UltraCade and Arcade Legends products. They build a similar style cabinet, install a PC in the machine, load M.A.M.E., and sell it for a very low price. Lower than we could ever offer our machines for sale. How? Quite Simple. They profit by stealing others work. If you look at the web sites, and read the eBay ads they offer machines that "Play over 4,000 Classic Arcade Games" They then try and skirt the law by pretending that they are not promoting piracy of these same 4,000 games with statements like "we don't load the ROMs" but of course, almost all of them do. The others that don't, they provide you with an instruction sheet with a link to several web sites where you can illegally download the ROMs, or provide you with the contact information for a CD/DVD duplication house that will sell you a set of ROMs for all 4,000 games for less than $200. Would anyone really buy this arcade machine if they knew that there was no legal way for them to run over 99% of the games that they were promised, I don't think so, and if you really look at this without emotion, I'm sure you would agree. These companies are simply selling the promise of thousands of games on a machine that can not possibly run them legally. I sometimes hear the argument, "well, I could go on eBay and buy up all of these games and then run it", and while plausible, it certainly would not be anywhere near cost effective, and again, if the customer knew that to legally operate these games, they have to spend thousands of dollars buying legal ROMs I seriously doubt that they would consider purchasing a M.A.M.E. machine. Anyone reading this email thread is an intelligent person, and if they put emotions aside, they will realize that what we are saying about selling M.A.M.E. machines and the promise of getting 4,000 games for the average consumer can't possibly happen. Unlike most of you reading this, the average consumer looking to buy a machine for their game room has no idea how emulation works, or what is legal and illegal to do. To them, they read an advertisement on a website or on eBay and compare our product with 50 games or an ad for a machine that promises thousands of games, with the promise of instructions about how to obtain those games. Of course, in this skewed environment the average consumer would gravitate towards the thousands of games machine, not realizing that the software and the games are unlicensed and illegal to play. Most consumers who are pointed at a web site selling a 7 DVD set of ROMs have no idea that this is an act of piracy, they were simply instructed to do this by the person selling them their arcade cabinet, and told this is how you get the games.

Now that we have attempted to take legal recourse to prevent illegal competition, the same people, who steal the work of the M.A.M.E. authors, and then profit by selling machines that have no value without the pirated games being made available, turn around and cry foul when we call them on their ways. They run to the M.A.M.E. discussion forums and spread rumors about UltraCade suing the authors of M.A.M.E. or stealing the M.A.M.E. engine. I'm amazed at the response of the community, a community that is being whipped into action by the same people who are stealing and profiting from them and they're efforts. Many people have reacted with hate mail without even considering to look at the facts of the situation, or to realize who is spreading the rumors. They are being spread by those who wish to profit by selling unlicensed games.

The simple fact is that we are attempting to stop the tide of illegal arcade machines, and the promotion of unlicensed games. The M.A.M.E. platform, while a technical marvel, consists of many violations of copyrights and trademarks. The authors have always stated in the documentation that it was not put into the public domain to steal from the game authors or publishers, and they have always been hands off about how to obtain the ROMs. They have also clearly stated that it is not to be used for commercial gains. A majority of the publishers who own the copyrighted material have not paid much attention to this marketplace, as until recently it has not had a huge commercial impact. But now, there are websites and eBay sellers selling machines that directly compete with legitimate publishers like us who publish games from Capcom, Taito, Midway, Atari and others, or publishers like Namco that publish Ms. Pac-Man/Galaga or the Donkey Kong/Mario Bros. machines.

Of the many thousands of games that M.A.M.E. supports, only a minute fraction of them can legally be played on a M.A.M.E. equipped machine, and many can not. There are many fallacies about the legality of owning ROMs and how you can play the game. Many people claim that they have a board set and therefore they can download as many ROMs as they like. The law is very strict. You can transfer the image from the actual original ROM chips, which you legally own, to another piece of hardware, provided that you actually transfer the code from the chips. Just having a board sitting around, and saying I have the right to play it is not the case. Many people point to StarROMs and say that they can then sell the games with the ROMs installed. This is not the case either. StarROMs license prohibits the resale of the game licenses, and only the end user can purchase these ROM images, resellers can not. Our market is further plagued by the rash of 4 in 1, 9 in 1, 24 in 1 39 in 1 and the new 300 in 1 "multicade" boards. These boards come from Taiwan and Hong Kong and contain illegal copies of the ROMs of several games.

This is a complex case amongst companies that are trying to make it about UltraCade stealing something from the M.A.M.E. team. That is not what this is about. This is simply UltraCade Technologies and other publishers doing whatever it takes to protect our commercial interests and prevent other companies from stealing our market by capitalizing on unlicensed games and selling products that only have value when coupled with illegally obtained games. Our application towards a trademark is to simply prevent anyone from commercially marketing an illegal product, nothing more. There have been no lawsuits filed against any of the M.A.M.E. authors, and there have been no claims towards the open source engine, nor will there be We are simply protecting our commercial market, and nothing more. We have no interest in the hobby community. We have no interest in the open source project. Our goal is to simply stop the rampant piracy in our marketplace, and we will use every means at our disposal to do so.

I welcome open discussions about this situation, and will respond to legitimate communications or questions.

-David R. Foley

---------------------------------------------------------------------------- ---------------------------------------------------------

David R. Foley
UltraCade Technologies"

EvilMagnus writes "I just came across this thread over on usenet where J. Michael Straczynski, creator of Babylon 5 and Jeremiah, talks about the cancellation of Enterprise. It seems he and a collaborator have already written a series bible and treatment for a new version of Star Trek - but it's not been pitched to Paramount out of 'political considerations' (Berman refusing to give up his dead horse?). JMS calls for everyone who thinks a JMS-run Star Trek series would be a good idea to write Paramount and let them know." Along similar lines, yonnage writes "Last week there was an article posted here about Enterprise fans atempting to pay for the next season of Enterprise. It seems that all the efforts have been pulled together and a new website has been created and has started collecting contributions for Enterprise's next season." Update: 02/16 19:47 GMT by T : Read the rest of the thread to see JMS's followup; he's decided to at least postpone this endeavor.

cryptoluddite writes "PC Magazine has an article by John C. Dvorak expanding on the community discussion of Google's offer for free web hosting of Wikipedia. Those against the deal point out that Google may be planning to co-opt the encyclopedia as Googlepedia (by restricting access to the complete database). In a revealing speech given by the Google founders, Larry Page says he would 'like to see a model where you can buy into the world's content. Let's say you pay $20 per month.' Should public domain information be free?" It's a pretty scary scenario painted, but one can hardly take a speech from 2001 as serious evidence these days. Update: 02/16 20:16 GMT by T : This story links inadvertently to the second page of the column; here's a link to the first page.

mocm writes "The Inquirer has a story about how Bill Gates tried to pressure the Danish prime minister Anders Fogh Rasmussen into accepting the European Union's proposed directive on software patents by threating to terminate the 800 jobs at Navision, which had been acquired by Microsoft." Update: 02/16 00:41 GMT by T : cfelde points out a CNET story which says that "The European vice president of Microsoft Business Solutions, Klaus Holse Andersen, denied on Tuesday that the jobs at Navision were ever at risk." Believe who you'd like.

nazarijo (Jose Nazario) writes "Everyone knows that Kerberos is the biggest solution to the single sign-on dilemma. How can you get everyone using one bank of accounts on loads of machines, from UNIX, OS X, and Windows environments, and do so securely? You can shoehorn in a variety of mechanisms, or you can adopt Kerberos. However, Kerberos intimidates a lot of people, somewhat deservedly so, but also somewhat needlessly. Enter Kerberos: The Definitive Guide, one of the latest 'definitive guides' from O'Reilly." Read on for the rest of Nazario's review. Kerberos: The Definitive Guide author Jason Garman pages 272 publisher O'Reilly and Associates rating 7/10 reviewer Jose Nazario ISBN 0596004036 summary A comprehensive, cross platform guide to Kerberos

I got started using Kerberos many moons ago, at my university. This is probably how many people got to know about it. While I didn't use it very much, it's there that I learned the basics and experimented a bit with Kerberos. Interest in it took off after Microsoft incorporated Kerberos authentication mechanisms into Windows 2000. Suddenly it wasn't such arcane knowledge.

Two open source Kerberos implementations exist, the MIT reference implementation, and the Heimdal Kerberos implementation. Even then, there are two main versions which you can find, Kerberos IV and Kerberos V. Kerberos IV went away for most environments with the passing of the Y2K mark, but some legacy apps need support. So, you still have to deal with it on occasion.

In writing Secure Architectures with OpenBSD, I got a lot more intimate with Kerberos, and even set up a decently sized realm in my house. Hence, I got to experience the turmoil of setup and debugging. A book like Kerberos: The Definitive Guide (K:TDG) would have been very welcome. Instead, I slogged my way through it, and got it to work for the most part.

K:TDG will help you set up your Kerberos world by introducing you to the complex subject, terminology, and the pieces. Once you learn the basics, you recognize that a simple realm is actually somewhat easy to set up. The author, Jason Garman, uses a mixed Mac OS X, UNIX, and Windows environment, focusing on UNIX most of the time. The bulk of the examples deal with MIT Kerberos 5 version 1.3 (krb5-1.3) but should work for most versions. Some attention is given to the Heimdal implementation (which is integrated with BSD, for example), and for the most part you'll be OK. Windows examples are also pretty copious but always come second. If you're comfortable with UNIX, you'll easily be able to translate these into Windows examples to help bridge the Windows gaps.

Chapter 1 is an obligatory Introduction, a short chapter that introduces the key concepts of Kerberos and what the book will cover. A very quick comparison of Kerberos to DCE, SESAME, and earlier versions of Kerberos is given. This chapter serves as a nice selling point for the book, it's the type of thing you'd flip through in the book store to decide if you should buy the book or not.

Chapter 2 is a decent overview for the new user of Kerberos to the system and how it works. Kerberos is placed into its role in a AAA infrastructure - authentication, authorization, and accounting - as well as some caveats that are commonly made. You'll learn about core Kerberos features like tickets, realms, principles, instances, ticket granting tickets, and the ticket cache. A decent overview for practical purposes is given, but you will definitely want another resource if you're interested in diving headlong into Kerberos.

These pieces come together in Chapter 3, where the actual protocols are described. They're laid out for a non-cryptographer, so go elsewhere if you want to learn the real formal material behind the system. Understanding the protocols is important to understanding the service as a whole. For someone new to Kerberos, you'll probably want to spend a little more time reading this to get oriented in the Kerberos world. The chapter doesn't mess around too much and delivers a fair treatment of the material.

Chapter 4 is the meat of the book's material, setting up your implementation. It all starts with the KDC (key distribution center) and realm initialization. Again, the bulk of the treatment is on the MIT implementation on UNIX, with the Heimdal and then Windows sections following next. Slave KDCs are also introduced, which is useful for large environments. An OS X server is missing, but Kerberos clients for all three (UNIX, Windows and OS X) is given. The role of DNS is also explained well, a useful touch that's missing in some Kerberos documents I've used in the past. This chapter will get you started, and with some of the supplied documentation you should be up and running in no time.

Chapter 5 is devoted to troubleshooting, an all too familiar task for a new Kerberos administrator. Common problems, their diagnosis, and resolution are discussed. I like the presentation of this chapter and think it will be useful for most real-world situations you'll encounter.

Security concerns with Kerberos are covered in Chapter 6, which discusses concrete and abstract attacks on the Kerberos scheme. Since all of the security in Kerberos resides in your KDC hosts, obviously this covers some of the material. However, the clients can exposes your Kerberos realm to attacks, as well, and how to circumvent these problems is covered. A decent and practical chapter, and covered on both UNIX and Windows.

In Chapter 7 a number of Kerberos enabled applications are discussed. After all, you can do more than just log on locally with Kerberos, you can use remote login programs like SSH, remote access scenarios like printing, and even control X via Kerberos. While not every application that I would have liked was covered, the treatment was fair and should get you started with a number of Kerberos enabled tools in your new realm.

A strong selling point of the book is given in Chapter 8, titled Advanced Topics. Three main topics are discussed. The first is cross-realm authentication, where you have more than one separate Kerberos realm on your network but you want to have users switch between the two without creating accounts in the other. This can get tricky, and the book does a decent job of introducing it, but it's not as complete as it could be. The second main topic in this chapter is Kerberos 4 and 5 interoperability, which is relatively straightforward. Most Kerberos 5 implementations come with tools to process Kerberos 4 ticket scenarios to handle legacy applications. And finally, a really valuable section covers UNIX and Windows Kerberos interoperability, a hairy issue. Again, incomplete but strong enough that you should be able to get it working with some elbow grease. This is probably the most valuable chapter of the book, which does a decent job at the introductory level, but you'll be left to tie up a few loose ends on your own.

An obligatory case study is given in Chapter 9, where you can see a number of configuration samples and even a mixed Windows-UNIX environment. Not terribly useful when compared to chapters 4 and 8, but overall worthwhile. It may answer some of your questions, even. Chapter 10 wraps up the book with looking at Kerberos futures, which isn't all that useful, honestly. What gets more useful is the appendix, which gives an administration reference. Lots of commands are given for MIT, Heimdal and even for Windows, so you can quickly jump there to refresh your memory on a topic.

Overall this book is recommended if you need a place to start working on Kerberos, especially in a mixed environment. The MIT and Heimdal documents are a fair place to start for a UNIX only Kerberos realm, but if you find they aren't enough, this is probably the right book for you. The book's main strength is that it covers Kerberos on the three main platforms in use (Windows, OS X, and UNIX), although it could provide a deeper treatment to the mixed environment than it gives. Still, you should be able to use this as a starting point, and it's probably the best treatment I've seen so far on Kerberos setup and administration.

You can purchase Kerberos: The Definitive Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page

spectre_be writes "Davyd Madeley wrote a Sneak Peek at Gnome 2.10, scheduled for release on the March 9, 2005. Looks like the new release-policy is starting to pay of, as several existing utilities get enhancements and a couple of new ones are added. Also (finally) a mozilla-stylee type-ahead find has been implemented in Gnome's Open/Save dialog. Together with OpenOffice.org 2.0's scheduled release and Novell's Mono coming up to speed, will 2005 prove to be the year of Gnome?" Update: 01/18 01:40 GMT by T : Oops - the "2-point" got chopped off in the headline; still a while until GNOME 10.

Michael Wally writes "GMail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages destined for other people, will appear with the test messages, in the attacker's inbox. Sometimes, this information may include usernames and passwords... Do you use GMail? Are your communications private? Should they be? Well, here's what we figured out about the issue, that may or may not help you - or perhaps GMail, if anyone can get ahold of their developers, to tell them about it." Update: 01/12 22:21 GMT by T : Good news for Gmail users; those malformed messages are no longer being accepted; read below for a message from Chris DiBona.

chrisd writes "Just so you know, at 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous emails that had this problem will also no longer will be accessible. If you don't mind, I'd like to take the time to remind Slashdot readers that they can send bugs that may have a security aspect into security@google.com. If they like, they should feel free to cc me at cdibona@google.com. We appreciate your patience and we're sorry about the bug."

Thomas Hawk writes "Sean Alexander is one of the guys on the Media Center Team at Microsoft who was involved in the CES presentation with Bill Gates. Sean also runs a very interesting blog called Addicted to Digital Media. Gates and Microsoft have taken a lot of heat over the course of the last two days for the technical glitches in Microsoft's presentation at CES. Sean offers us the rare glimpse on why the glitches happened and what it's like to be backstage at the big Microsoft presentation at CES. Very good follow up on Sean's part." Update: 01/08 19:03 GMT by T : Hawk writes with a static link to Alexander's story.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.

silassewell writes "A Rice University computer scientist and two of his students have discovered a potentially serious security flaw [Sell your soul to the NYTimes to Read] in the desktop search tool for personal computers that was recently distributed by Google." Update: 12/21 03:15 GMT by T : An anonymous reader writes "It's being reported that the security problem in Google's Desktop Search has been plugged."

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

zigam writes "The time needed to boot desktop Linux systems is becoming an issue. That's why I recently took the challenge posted by Red Hat's Owen Taylor on the Fedora developers list and came up with a tool for visualization of the boot process. It collects performance data during the boot up and then renders an SVG or PNG performance chart. It immediately helped Red Hat developers solve some issues and I have since received boot charts from other GNU/Linux developers as well. Solaris kernel developers reported success in improving their boot process too." Update: 12/15 20:04 GMT by T : Sorry, someone decided your time was worth wasting; no more mirrored bootchart.

Jack.Gavigan writes "Trading Technologies, who own patents which they claim cover various electronic trading systems, have published an open letter to the futures industry, asking that the top futures and options exchanges (Eurex, LIFFE, CME and CBoT) pay 2.5c for each trade transacted on their electronic platforms. This is going to be interesting - we're not talking about a couple of online bookstores here. Billions are traded every day in the global futures markets." Update: 12/15 19:18 GMT by T : As reader Bryan Sloane points out, the original headline incorrectly said "Options" rather than "Futures," as it should have and now does.

Mr_Silver writes "Sony's new MP3 based HD player (the snappily titled NW-HD3) is reviewed over at head-fi.org. Unfortunately it can't remember where you last were located when browsing, you can't list all the songs by an artist, 1.5 hours to transfer 2100 songs (instead of the iPod's 15 minutes) and a wall of noise in the output. Final conclusion? 'If there was a way I could return this thing, I'd do it in a second.' So close, yet so far." Update: 12/14 00:35 GMT by T : Not quite so fast: As forums.minidisc.org Administrator Christopher MacManus writes, it turns out that (as the threads below this review reveal), "The reviewer discovers that the unit he had is defective as someone else employs one and there is no hiss issue. Furthermore, the software woes he experienced are related to him employing JAPANESE software on an English operating system. Sonicstage 2.3, which he needs to use the unit, is now available in English."

multiOSfreak writes "According to this Reuters articl, two video game store employees have been arrested for modding video game consoles. From the article: 'Authorities arrested two store employees on charges of conspiracy to commit copyright infringement and conspiracy to traffic in a device that circumvents technological protection measures, the ESA said.'" It's not clear from the article whether the modded consoles were sold without copies of the games which had been installed on their hard drives, which would seem to be the most important distinction between convenience for buyers and actually ripping off game makers. Update: 12/08 22:43 GMT by T : This thread on boing-boing includes a comment from a would-be customer who says (among other things) that store employees "were also preloading the XBox systems with tons of emulators (arcade and console) and as many ROMs as they could find."

Satertek writes "Following up a previous post, a teaser was posted on the Steam website with the image HL2DM.jpg entitled 'Soon', confirming rumors of a Half-Life 2 Multiplayer Deathmatch game. It was also brought up on the forums by Valve. It will be released alongside the SDK sometime this week." Update: 12/01 13:49 GMT by T : Since this was written, "this week" has turned into "now"; the update was released last night.

LucidBeast writes "We all remember Voyager, the first plane to fly around the world in 1986 on one tank of gas. Now Voyager pilot Steve Fossett plans to do it solo with a jet powered GlobalFlyer. See also New York Times article about it (registration required). The idea of the solo flight according to this story originated with the Voyager builder Dick Rutan." Update: 12/01 13:25 GMT by T : Note, the original submission reversed the roles of Rutan and Fossett; Fossett is the pilot, while Rutan (and his company, Scaled Composites) is the builder.

An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. Attempting to download the screen saver from lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.

Qbans writes with a link the NYTimes story on a foiled robbery attempt at a Verizon Central Office in White Plains, New York, snipping "The plan seemed simple enough. The building had been cased and the burglars knew exactly what they wanted - advanced computer circuit panels that could be sold on the black market for hundreds of thousands of dollars." Qbans points out that this story parallels a previous story on how equipment was (successfully) stolen last May. Update: 11/27 22:01 GMT by T : Reader Dave C contributes a link to coverage at the registration-free JournalNews.com.

jZnat writes "Gamespot reports that Sony has made an official announcement warning gamers that the Holiday 2004 Demo disk, which includes the Viewtiful Joe 2 demo, will erase all memory cards in the system at that time. This was originally publicized by Playstation Underground, and now Sony has bit the bullet and confirmed it." Update: 11/27 22:38 GMT by T : Curt Feldman of Gamespot pointed out that his site's name had been garbled as "Gamepost"; no longer.

ks writes "Novell hacker Jan Holesovsky has released a build of OOo 1.1.3 that integrates with either KDE or GNOME depending on the environment it's running in. The build features KDE/GNOME look and feel, KDE/GNOME file dialogs and the Crystal icons. If you're running NLD, you have this already." Update: 11/27 18:13 GMT by T : Also on the OpenOffice.org front, the OO.o front page links to this interview with Debian ARM developer Peter Naulls, who has ported the suite to ARM processors. Hint: they're everywhere.

thelizman writes "Director James Cameron, who gave us the Terminator movies (I, II, III) , Aliens, The Abyss, and brought Dark Angel to the small screen will give us a new treat. According to AP, Cameron will direct a live action + cgi movie based on the Battle Angel Alita (GUNNM) book series. Slated for release in 2005-06, the movie will be available in 3D as well as 2D versions. Cameron will be using 3D technology developed for IMAX films to deliver the 3D versions (and on IMAX maybe?). Another twist is that the lead character will be CG, while other roles will be filled by live actors." Update: 11/25 22:42 GMT by T : Sunny Dubey writes "Terminator 3 was *not* directed by James Cameron. It was directed by Jonathan Mostow."

spafbnerf writes "Fyodor, author of the open-source network scanning tool Nmap, posted a story to the nmap-hackers list about having received a number of subpoenas from the FBI this year, demanding webserver log data, none of which produced anything, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request was narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"." Update: 11/25 20:21 GMT by T : Reader kv9 adds a link to Kevin Poulson's story at SecurityFocus.

Jackie O writes "According to an employee blog on the Liftport Group website, their prototype robot for the Space Elevator has just successfully climbed a 260-foot building (in a driving snowstorm, no less) at MIT. Now all they have to get it to do is climb over 60 thousand miles into space, carrying things. Good luck there." Update: 11/17 05:17 GMT by T : Liftport has posted some photos from the ascent, too. Thanks!

Richard Mathias writes "Following on from the posting a month ago, where SCO said it was going to launch a new website to counteract Groklaw and give its side of things - well, now the company looks like it's given up on the whole plan. It was originally supposed to be at Prosco.net, then SCOinfo.com, but both have holding pages and a spokeswoman has said it may never happen at all because of "legal and management concerns"." Update: 11/03 01:10 GMT by T : editingwhiz writes "Despite earlier published reports, SCO Group is indeed still planning to post a lawsuit-information Web site under a new name, SCOinfo.com, company spokesman Blake Stowell told IT Manager's Journal today. So SCO is not throwing in the proverbial towel after all. But does it really make any difference? (IT Manager's Journal is part of OSTG.)"

ooglek writes "Verizon is now qualifying and accepting installations for FTTP (Fiber To the Premises)! $39.95 for 5MB/2MB, $49.95 for 15MB/2MB, and $199.95 for 30MB/5MB. No word yet on whether Verizon will block ports (25, 80, etc) for incoming or outgoing traffic; with 2MB upload, I hope to basically run a small data center in my basement. Both phone and Internet will come through the fiber, and there is an unofficial rumor of video services as well by the end of this year. Got Fiber? My install date is November 2nd in Falls Church, VA (near DC). Several people in Keller, Texas have posted pictures and reported 14,679 kbps download and 1,794 kbps download speeds." Update: 10/26 23:52 GMT by T : That second "download" ought probably read "upload."

rixdaffy writes "I just received an email from the 'Redhat Security Team' telling me that I needed to download some tar file from fedora-redhat.com. Besides the fact that I don't use Red Hat/Fedora, I immediately smelled something fishy. Maybe it's not the first trojan targeted at Linux users, but together with the official sounding domain, it could trick some users into downloading and running the binary. It looks like Red Hat is already aware of the issue." According to Red Hat's page, "These emails tell users to download and run an update from a users home directory. This fake update appears to contain malicious code." Update: 10/25 01:32 GMT by T : One borked link, unborked.

esimp writes "According to technewsworld: 'As servers with dual-core processors come closer to hitting the market, Microsoft announced today it will not base its per-processor software licensing charges on the number of cores in a chip, sticking to the traditional price per processor, regardless of its number of cores." Update: 10/20 00:37 GMT by T : One of the identical links to TechNewsWorld's story has now been deleted.

TAGmclaren writes "The Sun-Sentinel is reporting on computer glitches already affecting the election in - you guessed it - Florida. Of the 14 early voting sites that opened in Broward County on Monday morning, 9 were reporting problems. In Orlando County, the touch screens crashed. More generally, SFgate.com is keeping track of all voting issues across the country - including lawsuits and other ballot problems." Update: 10/19 03:38 GMT by T : Thanks to reader Dale J. Russell for pointing out that "there is no Orlando County. The city of Orlando, Florida resides in Orange County."

Golygydd Max writes "Dave Voorhis from the University of Derbyshire has developed a program incorporating Tutorial D, a language designed to overcome of the shortcomings of SQL, and developed some years ago by Hugh Darwen and Chris Date. Until now, no-one had done anything with it but Voorhis is hoping for wider adoption; although we think it would be like pushing water uphill though." Update: 10/13 12:43 GMT by T : An anonymous reader writes "It's being picky I know, but the university in question is in fact called The University Of Derby, not Derbyshire."

edpin writes "University of Colorado at Boulder students hacked the 30,000-plus-member Internet Chess Club as part of research funded by the National Science Foundation. With guidance from University of Colorado at Boulder computer security researcher John Black, two students reverse-engineered the service to up their ranks and steal passwords." Update: 10/10 23:05 GMT by T : Reader Bryan Rapp points out that this story duplicates the one posted last month -- sorry about that.

bippy writes "A Miami attorney claims that a teen accused of plotting a massacre used GTA to prepare for the attack, RedAssedBaboon reports. Attorney Jack Thompson is the same guy who is trying to link the murder of Stefan Pakeerah last year to Manhunt. Pakeerah was beaten to death with a claw hammer by a friend who, Thompson claims, was inspired by Manhunt. The uproar surrounding the case led to the game being pulled from many British store shelves and Prime Minister Tony Blair looking into a link between violence and video games. It looks like Thompson has found himself a niche." Update: 10/10 19:25 GMT by T : Peter Endean writes "It might be worth noting that in fact in the case of the murder linked to Manhunt, it was the victim who owned the game."

ancice with news that Via plans to introduce 64-bit chip codenamed 'CN.' "It was revealed at the Fall Processor Forum. The chip 'will have much better performance, particularly when handling video and audio information ... However, it won't depart from Via's emphasis on low cost, small size and modest power consumption.' Features include 'high-speed Front Side Bus, ... Floating Point Unit that can achieve floating-point additions and multiplies using only two clock cycles, an increased cache size, high-speed data movement, and out-of order, superscalar execution that allows the processor to achieve high clock rates while executing multiple, simultaneous instructions for high definition digital entertainment.' The story was reported by ZDNet. The offical release is here. Expected release date is first half of 2006." Update: 10/06 13:10 GMT by T : Also at the Forum, VIA showed off a dual-processor Mini-ITX board, about which more below.

An anonymous reader submits "Via gave a sneak preview at the Fall Processor Forum of what is likely the world's first dual-processor mini-ITX mobo. The "four-wheel drive Hyundai" is expected to ship in "early 2005," according to the article at LinuxDevices. Looks like Via is cooking up some higher-end hardware in hopes the security processing features in its CPUs can carry it into higher-margin markets. I don't know, though; I think I'd rather have a PocketPC cluster ... "

hype7 writes "CNet's News.com.com is reporting that AT&T is reconsidering its corporate IT investment in Microsoft Windows - with both Mac OS X and Linux being considered. Although the article notes that AT&T is not actively seeking to replace Windows, there's a wonderful quote on the page from the AT&T guy - 'Any CIO would not be doing due diligence if they are not looking at their options now.'" As with previous mass-migration stories, a cynical (or realistic) viewpoint is also that by "looking into" non-Windows operating systems, they're giving themselves a bargaining chip when talking with Microsoft. Update: 10/06 17:35 GMT by T : Actually, that's 70,000 desktops, rather than 7,000 as originally stated.

SpaceShipOne's second flight was a success, the craft successfully launching from mothership White Knight and returning safely about 20 minutes later. If the flight is certified to have reached the X Prize's target height (62.5 miles) before its safe return, it will win the $10 million purse, and more importantly attain the prestige of repeatably (if only technically) reaching space, on a budget embarrassingly smaller than NASA's. Today's flight was manned by 51-year-old test pilot Brian Binnie (rather than Mike Melvill, who piloted last week's trip), and according to spectators present at both launches seemed even smoother than last week's flight. The view from the sidelines was incredible. flapjack submits a link to CNN's coverage of the launch (which lists a claimed height attained of 368,000 feet), noting "Interesting to note that a majority of its funding ($20-$30 million) was put up by Microsoft's own, Paul Allen." See also the official X Prize site for continuing live coverage. Update: 10/04 17:05 GMT by T : I was able to attend the launch; read below for my short sketch of the event. Impressions from the launch:

I got to Mojave yesterday evening (it's a long way from El Paso), slept in my car, and got to the airfield itself just before 4 a.m. Traffic on state highway 58 was brisk already, though not clogged (which it later became), and nearly every car was turning onto the two-lane entrance heading for acres of packed-dirt parking spaces near the runway from which SpaceShipOne would take off.

The crowd which built up in the following hours was surprisingly quiet on takeoff, which happened right at 7:45 local time. Not exactly hushed -- perhaps "hesitant" is a better word, or maybe just waking up. Only scattered clapping (guilty!) as the White Knight / SpaceShipOne piggyback duo lifted off, followed shortly by two chase planes, an AlphaJet and a Beechcraft Starship. The enthusiasm grew, though, as the flight progressed; a P.A. system kept the spectators informed of the trip's progress.

When SpaceShipOne finally separated and fired upward ("Good release, good release!" over the P.A, followed by enthusiastic cheering), it was after three separate two-minute warnings, then for one-minute and 30-second intervals. After an 84-second burn followed by a clean shutdown, SpaceShipOne coasted to its final altitude. At 90 seconds into the flight, the ship was well past 100,000 feet, and out of sight to the unaided eye. At 7:51, an altitude of 328,000 feet was reported, but the ship was still climbing for the next 40,000 feet under its own momentum. The reported peak altitude is enough to top the previous record, set by an X-15 at 354,200 ft. in 1963.

The descent was happily uneventful. At 60,000 feet, Binnie experienced "slight oscillations" -- consistent with previous flights, according to the announcer, who continued to count down the altitude. At approximately 45,000 feet, the conditions are right for contrails, and more cheering erupted when those popped into view. The crowd perked up and cheered even more with the first of two sonic booms audible on the ground (the booms that occur during ascent aren't), pointing and shading their eyes from the sun, following the ship as it traveled in wide arcs to bleed off the energy of the ascent, followed by a smooth 3-point landing.

(Special thanks to the members of the Foothill High School band who traveled the three hours from Orange County to watch the flight and play both before and after the flight. The launch itself was surprisingly low on ceremony, and their playing provided a bit of well-deserved pomp.)

tjg89 writes "CNN.com has an interesting article about some deragatory comments made about Daily Show viewers by Bill O'Reilly and how Comedy Central reacted. They not only proved that the Daily Show viewers are better informed than viewers of his show, but they are also more informed than viewers of Jay Leno and David Lettermen. Are more slashdot readers Daily Show people or O'Reilly people?" Update: 09/29 16:55 GMT by T : The Daily Show's audience actually topped viewers of "The Tonight Show,""The Late Show" and "The O'Reilly Factor"; CNN just carried the story. (Thanks to reader Robert Nevitt for the correction.)

Florian Becker writes "A new Wiki with hardware information for newbies and developer has opened. The site can be found at linux-driver.org." The site is designed to collect driver information about as many pieces of Linux-friendly hardware as possible, "like specifications, developer specifications, installation and the actual state for Linux driver and support. The new page reached the 500 contents in just one week." Update: 09/29 16:08 GMT by T : Jeremy of linuxquestions.org writes "Just wanted to point out that LinuxQuestions.org has a user-created Linux Hardware Compatibility List that already has over 1,500 items." Thanks!

knovis writes "The Ansari X Prize is being attempted at this moment: 9:30am EST. Bert Rutan and Paul Allen's Scaled Composites is preparing to make the first of 2 launches necessary. For the uninitiated, the X-Prize is a $10M prize available to the first entirely privately funded organization that creates a vehicle that travels to 100km above the earth's surface (low earth orbit) twice within 2 weeks. IIRC, SpaceShipOne is planning 3 flights for that 2 week period, for safety. Best of luck to Private Spaceflight. Did anyone else notice that Virgin Galactic has just been launched?" Project Zen writes "MSNBC has an article about how the seats won't be filled with people but mementos of the crew." Several readers sent links to CNN's story on the flight, and space.com's continuing coverage, including by webcam; NASA TV also has an eye on the launch. (Watch this space for updates.) Update: 09/29 15:57 GMT by T : Disconnect writes "As reported all over, SpaceShipOne successfully flew its first X-Prize flight attempt. As of now (11:45:40EST) the officials have not cleared the flight as successful, but it's looking good."

MonkeyDev writes "Yahoo is reporting that Munich is ready to move forward with plans to 'abandon Microsoft Windows in favor of upstart rival Linux. The council is expected to take a calculated risk and vote through the move, despite concerns about possible software patent infringements in the face of coming European Union legislation that caused months of delay.' Not everyone is excited about it. A software developer at MySQL claims 'Linux violates 283 U.S. software patents.' How does the Linux community respond to these claims?" (Florian Mueller, the MySQL developer mentioned, isn't opposed to Munich using Linux, though -- just the opposite.) Update: 09/29 02:22 GMT by T : Marten Mickos of MySQL AB writes with a correction: "Florian Müller is an independent software developer and entrepreneur. He is ALSO an advisor to MySQL AB but he does not work for the company. He is presently engaged in coordinating opposition against software patents in EU, and thereby doing all of us within free software and open source a great favour."

JimLynch writes "Pardon me while I pimp one of my own stories. We've got a review of Ubuntu Linux up on ExtremeTech. Check it out. Overall we had quite a positive experience with it, we think it's going to be a good distro as it matures. If you're looking for an easy-to-install debian distro, give it a download." Update: 09/27 23:25 GMT by T : Eugenia writes with another review from USALug, and a 6-page comprehensive Ubuntu preview at OSNews, writing "Gnome's & Ubuntu's release manager Jeff Waugh also had an interesting interview detailing lots of interesting tidbits. The final version of Ubuntu is expected mid-October."