Slashdot Mirror

Brainsur writes " A federal grand jury has indicted 19 people on charges they used the Internet to pirate more than $6.5 million worth of copyrighted computer software, games and movies.The indictment outlines an alleged plot by defendants from nine states, Australia and Barbados to illegally distribute newly released titles, including movies like "The Incredibles" and "The Aviator," and games like "Tiger Woods PGA Tour 2005."

Brainsur writes "Today Bill Gates visited Belgium to talk about the Electronic ID card introduced last year in Belgium as experiment. Microsoft announced that they will integrate the electronic identification into the Windows Software so they can deliver more security and privacy on the internet. The register has more news."

Brainsur writes "According to Newsfactor more and more Americans are migrating to high-speed Internet service, with the number of broadband subscribers tripling in recent years, according to a comprehensive report from the Federal Communications Commission. The U.S. is making progress in delivering broadband access underserved areas, the report states. The report also says that the number of users of broadband services (speeds exceeding 200 kbps in both directions) soared to 28 million in December 2003 from 9.6 million in 2001."

Brainsur writes "Live from Linz, Austria. At this moment the biggest Festival for new media and digital art is having place in Linz, Austria. Ars Electronica started in 1979 as a small group of nerds that came togheter to produce cyberarts, digital avant-garde media, digital electronic music and more. Now 25 years later you can experiment with all kinds of new technologies such as walk the internet with SevenMileBoots, interactive plant growing, tracing communications, Pixelspaces, ... If you are around it's definitely worth a visit. Check it out at Ars Electronica"

Brainsur writes "ZDNet reports about Redhat : European marketing director Paul Salazar admits there have been plenty of screw-ups along the way but that Red Hat is now working hard to please the open-source community and investors alike. Making money from open source is a balancing act. While your underlying product is forged in the white-hot fires of online altruism, the success of your business means striking pleasing postures for the investment community."

Brainsur writes "The Nokia 6820 is an ergonomically pleasing handheld device that integrates short text, multimedia and instant messaging capabilities with all of the features and functions that one normally would expect to find in a dedicated GSM/GPRS cellular phone."

Brainsur writes "Oracle on Monday debuted a release of its customer relationship management software that offers sales reps tools for developing proposals and quotes, improving channel management, and aligning a company's sales and marketing staff. The 11i.10 applications also provide built-in analysis capabilities that sales reps use to analyze sales opportunities and report sales-pipeline status."

Slashback tonight with story updates on wireless networking on the highway, on the bounce, and among friends, as well as a more pessimistic report on Nigerian scammers, a good reason your car's mileage might not match the EPA's estimate, and a strange response from Macrovision about the copy protection it's employing in European-market CDs. Read on for the details.

It's not a feature, it's a bug. A representative from Macrovision writes "This statement is being issued to address some concerns that were recently aired on Slashdot with regards to the copy protection of some music CDs, the new Beastie Boys CD in Europe in particular.

Macrovision does NOT install any spyware, shareware, malware or any self-replicating code of any kind onto a user's PC.

When playing a (Macrovision CDS-200) copy-protected CD for the first time, playback software components may be installed, if needed. This software is used to enable the on-disc music player to load an on-screen user interface and to play back the audio. For further information, please contact: cds-info@macrovision.com."

Seems to me that a CD which that requires any software installed for it to be played by a standard CD drive is by definition at least "brokenware," or perhaps "meddleware." What if it's being used in a computer without an operating system supported by these "playback software components"?

Definitional evasion aside, so far CD "copy protection" is mostly about as effective as critics proclaim it to be: ptorrone writes "There has been a lot of talk about the copy protection on the new CD 'Contraband' from Velvet Revolver, but for us we didn't have any problems making MP3s for all our devices despite their efforts to stop us it seems. Here's our story..."

MSN Search pales next to Google, so far. An anonymous reader writes "Reported earlier today here on Slashdot, MSN is preparing a new search engine which is set to knock Google's socks off. However, early results show that not only is the new algorithm lacking enough smarts to knock Google as king, it doesn't even compete with the current MSN algorithm."

Open wide and say "ARRL!" dos4who writes "Well, the ARRL Field Day 2004 results are in, and posted on The The American Radio Relay League website. In the Single Operator High-Power class, congratulations to W5ZN for logging a score well over 600,000!

I had the opportunity to witness the Abbotsford, British Columbia club in action, and it was an awesome experience. Just the sight of all those massive antennae clustered on one field invoked visions of E.T. popping in for a visit."

And william_lorenz writes "Our own group from Ohio made contacts all over the United States and had a great time doing it, camping out in tents and running multiple battery-operated radios and make-shift antennas throughout the day and night. We even played with some Slow Scan TV! What are your stories?"

Seems unlikely it's the only country not to have done so ... bluethundr writes "On the flipside of a story from yesterday the Register reports today: 'Malam Nuhu Ribadu says Nigeria is the only country in the world that has failed to apply special laws or establish dedicated "front offices" to combat the crimes.'"

Are you pumping what you think you're pumping? couch_warrior writes "It was noted in a recent /. inquiry that EPA estimates of mileage vary from real-life experience. While there are several factors that can affect this, one major but often overlooked factor is that the amount of gasoline contained in a supposed 'gallon' varies by up to 10% due to gas pump fraud. Two illustrative stories show localized evidence of this scam, but few states regulate gas pumps effectively. The laws are on the books, but enforcement is typically lax. Cynics might speculate that this is because both the State and the Fed are getting a cut of the illegal proceeds. It is a way for them to increase the tax revenue on fuel, without taking the political hit for raising taxes. A challenge for /. readers -- go buy some gasoline in graduated containers, and check for yourself [avoid 1,5, and 10 gallon sizes; many states use these for testing purposes and the computers inside the pumps 'catch up' temporarily at these intervals]. Persons of conscience might feel motivated to flood their local state weights and measures bureau with complaints (if test results warranted :-)"

Never beam your secrets in a cornfield. bgumm writes "Hot on the heels of the Texas DOT's WiFi stories, here comes one from the corn state, Iowa. The Iowa DOT and an Iowan wireless network company, I-Spot Access, have partnered to offer WiFi at six highway rest stops across the state. USA Today picked up the story, as did the Des Moines Register..."

And for those in a state too backward to have rest-stop WiFi just yet, Porsupah writes "WirelessWeek is reporting that Ricochet has been sold on again; this time, to YDI Wireless. Bay Area readers may fondly remember the company as bringing flat-rate 28.8k wireless connectivity to all of the area several years ago for $30/mo, before expanding aggressively to cover several other major US metropolitan areas, financed by MCI, with a nominal 128kbps service at $75/mo. After bankruptcy, Aerie Networks bought some of the remnants, relaunched in San Diego and Denver, and then.. nothing. What next?"

Brainsur quotes a story saying " Linux kernel 2.6 introduces improved IO scheduling that can increase speed -- "sometimes by 1,000 percent or more, [more] often by 2x" -- for standard desktop workloads, and by as much as 15 percent on many database workloads, according to Andrew Morton of Open Source Development Labs. This increased speed is accomplished by minimizing the disk head movement during concurrent reads. "

Revz writes "The company in charge of the Dark Age of Camelot servers in Europe finally admitted they have been having security problems, after over a week of unusual happenings for the players of this PC MMORPG. Unknown people have been causing havoc with GM admin tools on live servers and have potentially gained access to account passwords. Sanya (the community relations manager from Mythic, who run the servers in the US) has commented on the whole thing in this thread on the DAoC Catacombs site, saying 'server security has never been compromised... there is an explanation for this that doesn't involve anybody breaking into databases or servers'. Pictures and videos of the situation on the European servers where multiple high level creatures were spawned can be found in this thread on an unofficial forum."

Eric Stats writes: "At one point in the not so distant past, Intrusion Detection Systems (IDSs) were network security applications reserved for Fortune 500 companies with enough IT budget to fork up the Big Dollar, or hard core packetheads willing to grep through tcpdump or shadow output. Over the past few years, a new pig on the block, Snort, has put that notion to rest. Instead of having to spring for hundreds of thousands of dollars for a feature-rich, state-of-the-art, IDS; open source fans now have an IDS that meets and beats most of the performance benchmarks and features of commercial, closed source IDSs. Jack Koziol's new book, Intrusion Detection with Snort, presents a comprehensive guide that those either novice to, or richly experienced with, the field of Intrusion Detection can use to get up to speed quickly on Snort." Read on for Eric's review. Intrusion Detection with Snort author Jack Koziol pages 400 publisher Sams rating 9 reviewer Eric Stats ISBN 157870281X summary Handbook on the open source Intrusion

What Koziol implies throughout Intrusion Detection with Snort, but never states outright, is that Snort holds an inherent advantage over closed source IDSs, in that the IDS itself can be tailored and customized for each individual deployment to a level not possible for closed source competitors. If you have had the displeasure of working with a rigid, uncustomizable, IDS you already know where this is going ...

In order for an IDS to be effective, or in some high-bandwidth cases, even usable, detailed network and business context must be applied to the IDS. In a nutshell, IDSs are not as plug-and-play as firewalls or other security applications. For example, if you know you are not running any HTTP traffic on the segment where the IDS is sniffing, you may not want your IDS to waste cycles looking for attacks on Apache. On the other hand, you may feel that the mere presence of HTTP traffic may indicate something innately suspicious, so it is of value to watch for any HTTP traffic. It all depends on what you feel are legitimate threats to the network you are attempting to protect. Snort gives you the power to "watch" for specific attacks, protocol anomalies, or other chatter that has no legitimate business running on your network. Other closed source IDSs don't, or can't, have the same flexibility. Only Snort can implement something as detailed as "Send a page to the CISO's phone if this particular subnet attacks these Apache servers with the chunked encoding exploit."

With Snort, novices can easily write attack signatures (called rules) enable or disable specific protocol decoders, and detect advanced attacks such as exploits utilizing polymorphic shellcode. Without this level of flexibility, you are likely to be flooded with alerts that are not relevant, or, even worse, miss an actual attack that causes irreparable data loss.

Like many open source applications, Snort's biggest downfall has been documentation. Who wants to write boring user manuals when he can write code, right? Well, that's all fine and dandy for Snort developers, but folks that want to actually use all of the neat features can't, unless you tell them they are there, and how to use them. Intrusion Detection with Snort bridges this gap, and offers a clear, concise, guideline that helps plan, implement and maintain Snort-based IDS.

Another oft-cited problem with Snort that Intrusion Detection with Snort addresses is the lack of Snort features that are not directly related to intrusion detection. In essence, Snort's developers have concentrated on creating the world's best application for detecting unauthorized activity, and left everything else to other applications. If you want to organize and manage the alerts generated by Snort you have to use another application (ACID). If you desire alerts via email or pager you need another tool (swatch or syslog-ng). If you want to centrally manage attack signatures for multiple Snort installations, guess what? You need another tool (IDS Policy Manager or SnortCenter). Finding, installing, and getting all of these tools to work right can be frustrating, so Koziol walks us through these issues, and in the end we have an IDS rivaling the expensive commercial solutions.

On to the nitty-gritty of the book. Essentially, this book is organized into logical three sections, even though the author did not choose to make these demarcations in print. The first section introduces us to intrusion detection in general and features of Snort. The second section is a detailed installation guide, which walks through setting up and installing the various components of a distributed Snort setup. The final section focuses on post-installation and maintenance tasks, as well as advanced topics.

In the first section, the different breeds of IDS (Host and Network) are honestly presented, Koziol acknowledging in great detail some of the major shortcomings of IDS technology. The book then moves to describing Snort in great detail in an unbiased fashion. Other books on this subject written by Snort contributors are less forthcoming with Snort's disadvantages. The inner workings of Snort (such as packet decoders and libpcap) and the largely undocumented preprocessors are described in detail, giving tons real world examples. The examples are somewhat current, and describe exploits commonly found 6-18 months ago. Although the actual exploits found in the wild may change over time, the strategies for discovering them with Snort should remain relatively constant. The book then moves into the activities required in planning for a Snort-based IDS installation. Some of this is common sense for experienced security practitioners, such as establishing an incident response plan (the "Oh shit, I've been hacked, what do I do now!?!?"), but is relevant for novices. Other topics introduced in this section are:

Sensor placement: where to place an IDS from a network design perspective for maximum benefit.

Inserting a sensor into an in place network: covers using taps, span ports, and dedicated hubs.

Specific hardware and OS considerations: basically, why a flavor of Unix is best for Snort.

Creating a unidirectional sniffing cable: allows network traffic to flow in a single direction, minimizing risk to an IDS segment.

The second section is a detailed guide to building a distributed or 3-tiered Snort IDS. Getting the three components, the sensor (where Snort is actually installed), the server (database, alert management, and reporting server), and the analyst console (secure place to access other components and store config files and scripts) up and working on Linux takes up the bulk of this section. The analyst console chapter walks through the ever-popular Analysis Console for Intrusion Databases (ACID). Attention is paid to configuring a secured setup that encrypts traffic between the various sensors, servers, and consoles. Various packages and tools are described, as well as condensing all of the Snort tiers onto one physical box. Installing and configuring on Windows is covered as well, although this choice of setup is not as thoroughly explained as the others. The third and final section picks up where most books that deal with a specific application or software package too often leave off, namely, keeping the damn thing working. A chapter is dedicated to tuning Snort, and what thresholds can be configured to maximize benefit and performance. Getting real-time alerting via email working with ancillary tools, is covered in a dedicated chapter. Developing a targeted ruleset (a set of automagically generated signatures that will only detect attacks that have the potential to be successful) using a custom shell script is described.

A very important topic in Snort administration, writing custom rules (attack signatures) gets its own chapter. The syntax for creating rules is clearly described, followed by concrete examples. The book works through writing rules by reading through raw packet captures (last year's Slapper worm is a particularly good example). This is followed by upgrading and managing rules, which is highly useful if you have a number of Snort installations to manage. Finally, Intrusion Detection with Snort closes with a chapter on advanced topics. The advanced topics chapter primarily covers the latest fad 'Intrusion Prevention.' Snort can be made into an IPS device via packet scrubbing or shunting. For packet scrubbing, the Snort Inline patch is used and the box is placed in between a trusted and untrusted network, dropping packets that match specifically created rules. Shunting is accomplished with SnortSam, which basically sends a request to a border router or firewall to block an attacking IP address for a predetermined period of time.

Overall Jack Koziol's Intrusion Detection with Snort is a viable text for learning Intrusion Detection with the worlds premier open source IDS, even if it is light on diagrams and pictures, but it still comes highly recommended from this reviewer.

You can purchase Intrusion Detection with Snort from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Kajakske writes "Intel said Thursday that it is pushing back the release of its first dual-core processor by a year to 2005 and adding a new microprocessor for servers to its Itanium II lineup. On the other hand, Intel is moving forward in the area of new technologies."

dimitril writes "Tired of sitting in your car for hours and practically doing nothing but listening to the radio or the same CD for the fifth time? You could use those hours by reading your websites with this little project. You will love those traffic jams!"

dimitril writes "Tired of sitting in your car for hours and practically doing nothing but listening to the radio or the same CD for the fifth time? You could use those hours by reading your websites with this little project. You will love those traffic jams!"

Zygo writes "Again a little bit of hardware news for today: At MonkeyReview a very cool case... At DV Hardware a little article about an aluminium mousepad, called the Steelpad... OCCanada takes a look at the Gigabyte GA8PE667-Pro... ExtremeMHz brings you a guide to power... Some Christmas stuff... And Modthebox checks out a cool tachometer for PC's!" richie2000 submits a holiday-themed case mod: "A gingerbread case mod. Don't tell me you didn't see this one coming. And here's a mirror of one of the images."

viperstyx writes "Ah, the days of running around in bland 3d environments and fragging your best friends surrounded by a plethora of sprites and simple textures. What if we could go back to those days, except with per-pixel shading and transparent water? Well now, thanks to Tenabrae Quake you can. This small [just over 3mb] mod to the original quake engine allows users to play Quake while taking advantage of new technology like per-pixel shading. Its beautiful and definitely worth any old skool gamer's time =]"

Anonymous Coward writes: "Hi guys, Here is a review of the Lian Li PC626, which is a server case made entirely out of aluminium. Unex from Belgium :)" Or aluminum, which is the only proper spelling, of course. Are these cases actually worth the premium price? I may be having heat problems (for the first time) with our latest PC purchase, so I'm suddenly more interested in cooling...

Wim Borgers asks: "In our company we're trying to get rid of an old Sun machine before it lease expires and has to be replaced by another one (very soon). Since they are very expensive, we would like to use a Linux box instead. After weeks of trying to convert the Pascal programs, we finally reached a point where we think that it is impossible to migrate the machine: apparently the dialect of Sun Pascal is very specific and cannot be recompiled in Linux without complete rewriting the code... (and we lack the time to make such an undertaking). I think we better save those resources to convert to more decent working programs in the middle to long term. Does anyone have an idea how to get it these things run anyway?"

"The department that uses the machine does a lot of text processing using older Pascal and Cobol programs that were developed during the past years in Sun Workshop. Since we would like to start using XML, and Pascal is less used these days, we also have some viable reasons not to invest in a new Sun machine.

Instead of using Linux we also considered using the free Solaris binaries, but the (older) workshop we need is not released on Intel, but only SPARC and the new Forte programs didn't include the necessary compiler.

Eternal thanks to any who can help us!"

morzel asks: "I've been looking on the internet to rent a dedicated Linux server to perform some back-up tasks for DNS/SMTP and perhaps some minor WEB/FTP. There are a lot of options out there, from $99/month deals to over a grand a month. What amazed me is that in almost every shop, 'Red Hat' is virtually a synonym of 'Linux'. And even if there are different choices, it's basically 'Red Hat 6.2 or Red Hat 7.0'. I for one would like another distribution to be on my production machines (like Slackware), but are there shops out there that can give me that?"

"Since the initial setup of the machines is being done by the hosting admin team, it's very important that they know their way around in the distribution I want, and that they can support me when I screw up big time doing maintenance on that machine. (I do think I'm competent enough to manage without getting in trouble, but these things tend to happen nevertheless <grin!>)

Basically it boils down to me wanting:

• Good quality connectivity
• A greater choice in Linux distributions (Just slack is fine by me, but it's interesting to know if there are other options as well)
• quality support (both in the initial installation, as well as afterwards)
• Possibly added services (back-ups, monitoring)
• A reasonable pricetag for all of the above - mind you, I don't necessarily want the cheapest around, but it has to be payable.

So, what are your experiences with dedicated Linux server providers that offer more choice than Red Hat? Which ones are good, which ones should I steer clear of? What are your experiences on running a Slackware/SuSE/Debian/[insert fav. dist. here] server on the other side of the planet? All information (including blatant plugs) is very welcome!"

morzel asks: "One of the advantages of SCSI based systems is that a plethora of devices can exist on the same high-bandwidth bus, including multiple host adapters - at least: that's the theory. While it seems pretty obvious to me to use this as a low latency/high-bandwidth interconnect between a small number of hosts, I've never seen an actual implementation of such a system. Do these, preferrably IP-based systems, actually exist? I'm not in need of a Beowulf style cluster just yet (I don't have an application for them) but I am interested in the possible usage of SCSI as a _fast_ interconnection for small numbers of load-balancing machines in cluster. A combination with the Linux Virtual Server Project could create a killer solution... Right? Thanks for all input/comments on this!" (Read on...)

"I would think these kinds of interconnects would be ideal for small clusters, or larger clusters where groups of eight nodes could be interconnected with each other, with one node acting as the master node. This would probably provide more bandwidth and less latency than ethernet-based solutions, and on the other hand could be a lot cheaper than special hardware."