Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Red Hat's Linux Changes Raise New Questions
itwbennett writes "Last month two Red Hat developers proposed to replace the 30-year-old syslog system with a new Journal daemon. Initial reaction was mostly negative and 'focused on the Journal's use of a binary key-value form of data to log system events,' says blogger Brian Proffit. But now, says Proffitt, it seems that the proposal to replace syslog has less to do with the fixing syslog's problems than with Red Hat's desire to go its own way with Linux infrastructure." -
NVIDIA's Tegra 3 Outruns Apple's A5 In First Benchmarks
MojoKid writes "NVIDIA's new Tegra 3 SoC (System on a Chip) has recently been released for performance reviews in the Asus Eee Pad Transformer Prime Android tablet. Tegra 3 is comprised of a quad-core primary CPU complex with a 5th companion core for lower-end processing requirements and power management. The chip can scale up to 1.4GHz on a single core and 1.3GHz on up to four of its cores, while the companion core operates at 500MHz. It makes for a fairly impressive new tablet platform and offers performance that bests Apple's A5 dual-core processor in more than a few tests. The Asus Eee Pad Transformer Prime with optional keyboard dock and NVIDIA's Tegra 3 is set to be available in volume sometime around December 19th." -
Book Review: The CERT Oracle Secure Coding Standard For Java
brothke writes "It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products. Aside from the fact that unbreakable only refers to the enterprise kernel; Oracle still can have significant security flaws. Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely. With that The CERT Oracle Secure Coding Standard for Javais an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits." Read on for the rest of Ben's review. The CERT Oracle Secure Coding Standard for Java author Fred Long, Dhruv Mohindra, Robert Seacord, Dean Sutherland, David Svoboda pages 744 publisher Addison-Wesley Professional rating 10/10 reviewer Ben Rothke ISBN 0321803957 summary Definitive guide on the topic The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.
The first 100 pages of the book are available here. After reading it, you will be likely to want to see the next 650 pages.
This book provides a set of guidelines for secure programming in Java SE 6 and 7 environments. It is primarily targeted at software developers and computer security practitioners. While Java is inherently designed to be relatively secure as compared with other languages, it requires the developer to understand the security controls and language features thoroughly before he can implement them correctly. The book illustrates insecure coding practices and suggests corresponding safe alternatives to enable a developer to have an optimal blueprint.
Software developers are constantly under pressure to accommodate feature requests and have to strike a fine balance between enhancing delivery excellence and releasing a software product in consonance with deadlines. At the same time they routinely tackle technical challenges and often document their experience for the benefit of others. This book is one such effort, in that, several programmers and reviewers have contributed the contents. It encourages a developer to think beyond programming logic and enables him to produce clear, concise, maintainable and secure code – a mandatory requirement for today's dynamic software industry which is plagued by a spectrum of security threats and attrition's.
This book isn't for a Java beginner. The introductory chapter expects an intermediate or seasoned Java professional to identify the gamut of security vulnerabilities that frequently manifest in code and design. The chapter briefly explains injections attacks, unintended information disclosure, denial of service and issues involving concurrency and class loaders. Summary tables have been provided to assist the reader to easily locate representative secure coding rules for each category.
The examples presented primarily encompass the lang and util libraries of Java SE and also cover collections, concurrency, logging, management, reflection, regex, zip, I/O, JMX, JNI, math, serialization and JAXP libraries. No particular Java platform or technology has been favored; the set of rules is generic and independent of whether a mobile, enterprise, desktop or web application is being developed.
Notably, the layout enables the practitioner to pick up any chapter or rule at random without requiring him to read the preceding pages. Each rule has a short description of a unique problem and one or more non-compliant and compliant code examples. Risk assessment and references to other coding standards along with bibliography are also provided.
Unfortunately, the suggested tips for automatic detection of described problems aren't very practical because no automated bug detection tools have been vetted. Some rules also have a related vulnerabilities section that preys on weaknesses in commonplace software in context of the described problem.
Chapter 2 focuses on input validation and data sanitization. It highlights attacks such as SQL, XML, and OS injection and XML External Entity (XXE) and suggests corresponding mitigation techniques. It mentions but doesn't elaborate on web-based attacks such as cross-site scripting and CSRF, to avoid being too domain specific. The chapter advises developers to normalize strings, canonicalize and validate path names, refrain from logging unsanitized input, use appropriate internationalization and globalization APIs, avoid string encoding misgivings and other issues.
Chapters 3, 4 and 5 deal with declarations and class initialization, expressions, and numeric operations respectively. Dangers of auto-boxing, side-effects in assertions, integer overflow, and vagaries of floating point arithmetic are discussed at length.
The examples are short, to the point and intellectually challenging for the advanced reader. For example, one rule – don't use denormalized numbers dissects a vulnerability in Java 1.6 and earlier that allows an attacker to perform a denial of service attack by sending a crafted input to the JVM.
The book devotes a chapter to object-oriented programming and stresses on limiting extensibility of classes, encapsulating data, ensuring that code refactoring doesn't result in broken class hierarchies, using generics for fun and profit and so on.
Another chapter discusses Java methods, for example, one rule suggests that subclasses mustn't increase the accessibility of an overridden method. There is some useful information about using methods of Object class properly. This information is standard advice that can also be found in other books. This book offers all that and more. For example, one rule documents a convincing and exhaustive list of reasons why you shouldn't use finalizers.
The book also highlights misconstrued exception handling practices through examples akin to the shortcuts programmers invent, to save themselves from the trouble of having to handle exceptions. It explains why doing that can be insidious. Information disclosure arising from ill-conceived exception handling strategies is also discussed. Some may disagree with the advice on the pretext that exception handling when done the right way leads to unreadable code, however, the features presented from Java 7 convincingly offer a middle path. Further, when compliance with a certain rule is believed to be challenging and costly, the standard allows documented deviations and even lists valid exceptions for each rule.
Chapters 9, 10, 11, 12 and 13 are reserved for concurrency related issues. There are more than 30 rules in these chapters; the set could qualify as a handbook of concurrency issues and solutions. At a high level, the chapters cover visibility and atomicity, locking, thread class APIs, thread pools and thread safety in multi-threaded Java programs. The chapters don't assume that the reader has any familiarity with multi-threaded programming.
The next few chapters highlight input-output (I/O) risks such as working with shared directories, using files securely, closing resource handles properly, serialization and more. The book doesn't assume that the reader has a sophisticated background in serialization and builds from the basics. It cites examples of vulnerabilities that necessitate understanding the role of serialization.
A chapter on platform security follows, and is meant for advanced Java users. This chapter leads to another on runtime environment that cautions against signing code, granting permissions frivolously and permitting insecure deployment configurations. The final chapter captures miscellaneous rules that forbid hardcoding sensitive information, leaking memory, generating weak random numbers and writing insecure singletons among other topics.
Many other leading security standards delineate high-level measures that must be taken to ensure compliance but most fall short of prescribing the exact recipe to get there. This book fills that gap by approaching security from the ground-zero level upwards. However, it doesn't clearly specify to what extent the rules will help organizations meet the compliance goals proposed by other security standards. All the same, the eighteen crisp chapters of this book undeniably have the potential to help the software developer win the battle against software insecurity on his own terms.
For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Javais a very useful resource that no programmer should be without.
Ben Rothkeis the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The CERT Oracle Secure Coding Standard for Java from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The CERT Oracle Secure Coding Standard For Java
brothke writes "It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products. Aside from the fact that unbreakable only refers to the enterprise kernel; Oracle still can have significant security flaws. Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely. With that The CERT Oracle Secure Coding Standard for Javais an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits." Read on for the rest of Ben's review. The CERT Oracle Secure Coding Standard for Java author Fred Long, Dhruv Mohindra, Robert Seacord, Dean Sutherland, David Svoboda pages 744 publisher Addison-Wesley Professional rating 10/10 reviewer Ben Rothke ISBN 0321803957 summary Definitive guide on the topic The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.
The first 100 pages of the book are available here. After reading it, you will be likely to want to see the next 650 pages.
This book provides a set of guidelines for secure programming in Java SE 6 and 7 environments. It is primarily targeted at software developers and computer security practitioners. While Java is inherently designed to be relatively secure as compared with other languages, it requires the developer to understand the security controls and language features thoroughly before he can implement them correctly. The book illustrates insecure coding practices and suggests corresponding safe alternatives to enable a developer to have an optimal blueprint.
Software developers are constantly under pressure to accommodate feature requests and have to strike a fine balance between enhancing delivery excellence and releasing a software product in consonance with deadlines. At the same time they routinely tackle technical challenges and often document their experience for the benefit of others. This book is one such effort, in that, several programmers and reviewers have contributed the contents. It encourages a developer to think beyond programming logic and enables him to produce clear, concise, maintainable and secure code – a mandatory requirement for today's dynamic software industry which is plagued by a spectrum of security threats and attrition's.
This book isn't for a Java beginner. The introductory chapter expects an intermediate or seasoned Java professional to identify the gamut of security vulnerabilities that frequently manifest in code and design. The chapter briefly explains injections attacks, unintended information disclosure, denial of service and issues involving concurrency and class loaders. Summary tables have been provided to assist the reader to easily locate representative secure coding rules for each category.
The examples presented primarily encompass the lang and util libraries of Java SE and also cover collections, concurrency, logging, management, reflection, regex, zip, I/O, JMX, JNI, math, serialization and JAXP libraries. No particular Java platform or technology has been favored; the set of rules is generic and independent of whether a mobile, enterprise, desktop or web application is being developed.
Notably, the layout enables the practitioner to pick up any chapter or rule at random without requiring him to read the preceding pages. Each rule has a short description of a unique problem and one or more non-compliant and compliant code examples. Risk assessment and references to other coding standards along with bibliography are also provided.
Unfortunately, the suggested tips for automatic detection of described problems aren't very practical because no automated bug detection tools have been vetted. Some rules also have a related vulnerabilities section that preys on weaknesses in commonplace software in context of the described problem.
Chapter 2 focuses on input validation and data sanitization. It highlights attacks such as SQL, XML, and OS injection and XML External Entity (XXE) and suggests corresponding mitigation techniques. It mentions but doesn't elaborate on web-based attacks such as cross-site scripting and CSRF, to avoid being too domain specific. The chapter advises developers to normalize strings, canonicalize and validate path names, refrain from logging unsanitized input, use appropriate internationalization and globalization APIs, avoid string encoding misgivings and other issues.
Chapters 3, 4 and 5 deal with declarations and class initialization, expressions, and numeric operations respectively. Dangers of auto-boxing, side-effects in assertions, integer overflow, and vagaries of floating point arithmetic are discussed at length.
The examples are short, to the point and intellectually challenging for the advanced reader. For example, one rule – don't use denormalized numbers dissects a vulnerability in Java 1.6 and earlier that allows an attacker to perform a denial of service attack by sending a crafted input to the JVM.
The book devotes a chapter to object-oriented programming and stresses on limiting extensibility of classes, encapsulating data, ensuring that code refactoring doesn't result in broken class hierarchies, using generics for fun and profit and so on.
Another chapter discusses Java methods, for example, one rule suggests that subclasses mustn't increase the accessibility of an overridden method. There is some useful information about using methods of Object class properly. This information is standard advice that can also be found in other books. This book offers all that and more. For example, one rule documents a convincing and exhaustive list of reasons why you shouldn't use finalizers.
The book also highlights misconstrued exception handling practices through examples akin to the shortcuts programmers invent, to save themselves from the trouble of having to handle exceptions. It explains why doing that can be insidious. Information disclosure arising from ill-conceived exception handling strategies is also discussed. Some may disagree with the advice on the pretext that exception handling when done the right way leads to unreadable code, however, the features presented from Java 7 convincingly offer a middle path. Further, when compliance with a certain rule is believed to be challenging and costly, the standard allows documented deviations and even lists valid exceptions for each rule.
Chapters 9, 10, 11, 12 and 13 are reserved for concurrency related issues. There are more than 30 rules in these chapters; the set could qualify as a handbook of concurrency issues and solutions. At a high level, the chapters cover visibility and atomicity, locking, thread class APIs, thread pools and thread safety in multi-threaded Java programs. The chapters don't assume that the reader has any familiarity with multi-threaded programming.
The next few chapters highlight input-output (I/O) risks such as working with shared directories, using files securely, closing resource handles properly, serialization and more. The book doesn't assume that the reader has a sophisticated background in serialization and builds from the basics. It cites examples of vulnerabilities that necessitate understanding the role of serialization.
A chapter on platform security follows, and is meant for advanced Java users. This chapter leads to another on runtime environment that cautions against signing code, granting permissions frivolously and permitting insecure deployment configurations. The final chapter captures miscellaneous rules that forbid hardcoding sensitive information, leaking memory, generating weak random numbers and writing insecure singletons among other topics.
Many other leading security standards delineate high-level measures that must be taken to ensure compliance but most fall short of prescribing the exact recipe to get there. This book fills that gap by approaching security from the ground-zero level upwards. However, it doesn't clearly specify to what extent the rules will help organizations meet the compliance goals proposed by other security standards. All the same, the eighteen crisp chapters of this book undeniably have the potential to help the software developer win the battle against software insecurity on his own terms.
For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Javais a very useful resource that no programmer should be without.
Ben Rothkeis the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The CERT Oracle Secure Coding Standard for Java from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Are Data Centers Finally Ready For DC Power?
1sockchuck writes "It's been five years since a landmark study outlined the potential benefits of DC power distribution in data centers. But adoption of DC in data centers remains limited, even as the industry aggressively pursues a wide array of other energy savings strategies. Advocates of DC distribution are hoping a new study will jump start the conversation about DC distribution, which can save energy by eliminating several wasteful AC-to-DC conversions within a data center. Meanwhile, an industry association for DC power adoption, the EMerge Alliance, has formed a new technical standards committee for data centers, and is advancing a 380-volt DC power standard. Will DC distribution ever gain momentum in data centers?" -
Jetman Yves Rossy Flies In Formation With Jets
smitty777 writes "Slashdot has been following Yves Rossy in his previous exploits across the Grand Canyon and his attempts at international flight. He is now flying in formations with real jets. He even does a barrel roll around the two fighters in the video below." -
Jetman Yves Rossy Flies In Formation With Jets
smitty777 writes "Slashdot has been following Yves Rossy in his previous exploits across the Grand Canyon and his attempts at international flight. He is now flying in formations with real jets. He even does a barrel roll around the two fighters in the video below." -
Why Was Hypercard Killed?
theodp writes "Steve Jobs took the secret to his grave, but Stanislav Datskovskiy offers some interesting and illustrated speculation on why HyperCard had to die. 'Jobs was almost certainly familiar with HyperCard and its capabilities,' writes Datskovskiy. 'And he killed it anyway. Wouldn't you love to know why? Here's a clue: Apple never again brought to market anything resembling HyperCard. Despite frequent calls to do so. Despite a more-or-less guaranteed and lively market. And I will cautiously predict that it never will again. The reason for this is that HyperCard is an echo of a different world. One where the distinction between the "use" and "programming" of a computer has been weakened and awaits near-total erasure. A world where the personal computer is a mind-amplifier, and not merely an expensive video telephone. A world in which Apple's walled garden aesthetic has no place.' Slashdotters have bemoaned the loss of HyperCard over the past decade, but Datskovskiy ends his post on a keep-hope-alive note, saying: 'Contemplate the fact that what has been built once could probably be built again.' Where have you gone, Bill Atkinson, a nation of potential programmers turns its lonely eyes to you." -
Why Was Hypercard Killed?
theodp writes "Steve Jobs took the secret to his grave, but Stanislav Datskovskiy offers some interesting and illustrated speculation on why HyperCard had to die. 'Jobs was almost certainly familiar with HyperCard and its capabilities,' writes Datskovskiy. 'And he killed it anyway. Wouldn't you love to know why? Here's a clue: Apple never again brought to market anything resembling HyperCard. Despite frequent calls to do so. Despite a more-or-less guaranteed and lively market. And I will cautiously predict that it never will again. The reason for this is that HyperCard is an echo of a different world. One where the distinction between the "use" and "programming" of a computer has been weakened and awaits near-total erasure. A world where the personal computer is a mind-amplifier, and not merely an expensive video telephone. A world in which Apple's walled garden aesthetic has no place.' Slashdotters have bemoaned the loss of HyperCard over the past decade, but Datskovskiy ends his post on a keep-hope-alive note, saying: 'Contemplate the fact that what has been built once could probably be built again.' Where have you gone, Bill Atkinson, a nation of potential programmers turns its lonely eyes to you." -
Why Was Hypercard Killed?
theodp writes "Steve Jobs took the secret to his grave, but Stanislav Datskovskiy offers some interesting and illustrated speculation on why HyperCard had to die. 'Jobs was almost certainly familiar with HyperCard and its capabilities,' writes Datskovskiy. 'And he killed it anyway. Wouldn't you love to know why? Here's a clue: Apple never again brought to market anything resembling HyperCard. Despite frequent calls to do so. Despite a more-or-less guaranteed and lively market. And I will cautiously predict that it never will again. The reason for this is that HyperCard is an echo of a different world. One where the distinction between the "use" and "programming" of a computer has been weakened and awaits near-total erasure. A world where the personal computer is a mind-amplifier, and not merely an expensive video telephone. A world in which Apple's walled garden aesthetic has no place.' Slashdotters have bemoaned the loss of HyperCard over the past decade, but Datskovskiy ends his post on a keep-hope-alive note, saying: 'Contemplate the fact that what has been built once could probably be built again.' Where have you gone, Bill Atkinson, a nation of potential programmers turns its lonely eyes to you." -
Why Was Hypercard Killed?
theodp writes "Steve Jobs took the secret to his grave, but Stanislav Datskovskiy offers some interesting and illustrated speculation on why HyperCard had to die. 'Jobs was almost certainly familiar with HyperCard and its capabilities,' writes Datskovskiy. 'And he killed it anyway. Wouldn't you love to know why? Here's a clue: Apple never again brought to market anything resembling HyperCard. Despite frequent calls to do so. Despite a more-or-less guaranteed and lively market. And I will cautiously predict that it never will again. The reason for this is that HyperCard is an echo of a different world. One where the distinction between the "use" and "programming" of a computer has been weakened and awaits near-total erasure. A world where the personal computer is a mind-amplifier, and not merely an expensive video telephone. A world in which Apple's walled garden aesthetic has no place.' Slashdotters have bemoaned the loss of HyperCard over the past decade, but Datskovskiy ends his post on a keep-hope-alive note, saying: 'Contemplate the fact that what has been built once could probably be built again.' Where have you gone, Bill Atkinson, a nation of potential programmers turns its lonely eyes to you." -
Duqu Attackers Managed to Wipe C&C Servers
Trailrunner7 writes with an update in the saga of Duqu and Stuxnet. From the article: "Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009. An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines. All of the known Duqu C&C servers discovered up to this point have been running CentOS ... There also is some evidence that the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially." -
AMD Confirms Commitment To x86
MrSeb writes with an excerpt from an Extreme Tech story on the recent wild speculation about AMD abandoning x86: "Recent subpar CPU launches and product cancellations have left AMD in an ugly position, but reports that the company is preparing to jettison its x86 business are greatly exaggerated and wildly off base. Yesterday, Mercury News ran a report on AMD's struggles to reinvent itself and included this quote from company spokesperson Mike Silverman: 'We're at an inflection point. We will all need to let go of the old 'AMD versus Intel' mind-set, because it won't be about that anymore.' When we contacted Silverman, he confirmed that the original statement has been taken somewhat out of context and provided additional clarification. 'AMD is a leader in x86 microprocessor design, and we remain committed to the x86 market. Our strategy is to accelerate our growth by taking advantage of our design capabilities to deliver a breadth of products that best align with broader industry shifts toward low power, emerging markets and the cloud.' The larger truth behind Silverman's statement is that no matter what AMD does, it's not going to be 'AMD versus Intel' anymore — it's going to be AMD vs. Qualcomm, TI, Nvidia, and Intel." -
UK Announces "Cyber Strategy"
concealment writes "The UK government has announced a 'cyber strategy' outlining its plans to make the UK a safe place to do business online. Not limited to merely defending against attacks, the strategy outlines plans to take aggressive, proactive online action against security threats and criminals. Stricter enforcement of Internet usage restrictions and recruitment of volunteer 'cyber-specials' are also planned." An interesting bit from the article: "In promising to undertake aggressive, military cyberattacks, the UK will be following in the footsteps of the U.S. and Israel — together the presumed creators of the Stuxnet worm — and China, a nation regularly accused of infiltrating and compromising both private and government organizations to extract information." -
UK Announces "Cyber Strategy"
concealment writes "The UK government has announced a 'cyber strategy' outlining its plans to make the UK a safe place to do business online. Not limited to merely defending against attacks, the strategy outlines plans to take aggressive, proactive online action against security threats and criminals. Stricter enforcement of Internet usage restrictions and recruitment of volunteer 'cyber-specials' are also planned." An interesting bit from the article: "In promising to undertake aggressive, military cyberattacks, the UK will be following in the footsteps of the U.S. and Israel — together the presumed creators of the Stuxnet worm — and China, a nation regularly accused of infiltrating and compromising both private and government organizations to extract information." -
Google Throws /. Under Bus To Snag Patent
theodp writes "Before Danny Hillis and Bran Ferren invented Google's newly-patented system for 'Delegating Authority to Evaluate Content', Google says users looking for content evaluation websites were condemned to the likes of Amazon.com and Slashdot. From the patent: 'Many sites found on the World Wide Web allow users to evaluate content found within the site. The Slashdot Web site (www.slashdot.org) allows users to "mod" comments recently posted by other users. Based on this information obtained from the users, the system determines a numerical score for each comment ranging from 1 to 5.' The problem with sites like Slashdot, Google told the USPTO, is that 'because there is no restriction on the users that may participate, the reliability of the ratings is correspondingly diminished.' Commissioning a small number of trusted evaluators or editors would increase the reliability of the evaluations, Google notes, but wouldn't allow nearly as much content to be evaluated. Google's solution? Allow trusted evaluators to transfer a 'quantity of authority' to like-minded 'contributing authorities', who in turn designate and delegate authority to additional like-minded contributing authorities. Think Microsoft Outlook 97 Delegate Access meets Slashdot Karma Points, and you've got the general idea!" -
Android Dev Demonstrates CarrierIQ Phone Logging Software On Video
Token_Internet_Girl writes with a followup to last week's news about Android developer Trevor Eckhart, who was researching software from CarrierIQ, installed on millions of cellphones, that secretly logged a variety of user information — from button presses to text message contents to browsing data. CarrierIQ tried to silence Eckhart, but later backtracked. Now, Eckhart has posted a video demonstration of CarrierIQ's logging software. From the article: "The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim. ... The video shows the software logging Eckhart's online search of 'hello world.' That's despite Eckhart using the HTTPS version of Google, which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. ...the video shows the software logging each number as Eckhart fingers the dialer. 'Every button you press in the dialer before you call,' he says on the video, 'it already gets sent off to the IQ application.'" -
Android Dev Demonstrates CarrierIQ Phone Logging Software On Video
Token_Internet_Girl writes with a followup to last week's news about Android developer Trevor Eckhart, who was researching software from CarrierIQ, installed on millions of cellphones, that secretly logged a variety of user information — from button presses to text message contents to browsing data. CarrierIQ tried to silence Eckhart, but later backtracked. Now, Eckhart has posted a video demonstration of CarrierIQ's logging software. From the article: "The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim. ... The video shows the software logging Eckhart's online search of 'hello world.' That's despite Eckhart using the HTTPS version of Google, which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. ...the video shows the software logging each number as Eckhart fingers the dialer. 'Every button you press in the dialer before you call,' he says on the video, 'it already gets sent off to the IQ application.'" -
Facebook Settles With FTC, Admits Privacy Violations
Animats writes "Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement is soft on Facebook; there are no fines or criminal penalties. According to the FTC, in December 2009, Facebook 'changed its website so certain information that users may have designated as private – such as their Friends List – was made public. Facebook didn't warn users that this change was coming, or get their approval in advance.' Among the other complaints (PDF), 'Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.'" The settlement demands that Facebook avoid any new deceptive privacy claims, and also that users must give explicit permission for changes to be made to their privacy preferences. Facebook will be audited every two years for the next two decades to make sure they're holding up their end of the settlement. In a lengthy statement on Facebook's blog, Mark Zuckerberg acknowledged that they'd made mistakes. -
Facebook Denies Disputed Page To Both Mercks
itwbennett writes "In follow-up to yesterday's story about how Merck in Germany is threatening legal action to take its vanity Facebook URL back from Merck U.S., Facebook apologized for its 'administrative error' in reassigning the URL but said that if the two companies can't play nice, no one will get the URL." -
Amazon Releases Kindle Source Code
MackieChan writes with a piece of news that slipped past earlier this month: "Barnes & Noble receives a lot of credit from the Slashdot community for standing up to Microsoft and for allowing the Nook to be so easy to root, but perhaps Amazon releasing the source code to the Kindle will help it gain back supporters it lost after remotely removing ebooks." -
Amazon Releases Kindle Source Code
MackieChan writes with a piece of news that slipped past earlier this month: "Barnes & Noble receives a lot of credit from the Slashdot community for standing up to Microsoft and for allowing the Nook to be so easy to root, but perhaps Amazon releasing the source code to the Kindle will help it gain back supporters it lost after remotely removing ebooks." -
Amazon Releases Kindle Source Code
MackieChan writes with a piece of news that slipped past earlier this month: "Barnes & Noble receives a lot of credit from the Slashdot community for standing up to Microsoft and for allowing the Nook to be so easy to root, but perhaps Amazon releasing the source code to the Kindle will help it gain back supporters it lost after remotely removing ebooks." -
CyanogenMod 9 Working On the Nexus S
MrSeb writes with an article in Extreme Tech about progress toward getting an AOSP build working on the Nexus S. From the article: "Over the past week, ROM Manager extraordinaire Koush has been frantically working on making a working build of CyanogenMod 9 (Ice Cream Sandwich) for the Samsung Nexus S. The custom ROM, which is built purely from the Android Open Source Project, has now reached 'alpha 11.' All major features are present and no significant bugs remain. It's too early to say that the build is ready for prime time or mission-critical work — the final release of CM9 is due in the new year — but it's certainly stable enough for daily use. The most significant feature, if you can call it that, is that Koush's build of ICS is really very smooth — it's as nimble as Gingerbread, if not more so. Unlike the previous, non-CM build that was released last week, this alpha build of CM9 has every feature enabled, including Google Wallet, and setting a mobile data limit. As usual, the custom ROM is pre-rooted, has ROM Manager installed, and absolutely no bloatware. " -
Book Review: Responsive Web Design
Michael J. Ross writes "With more people accessing the Internet using mobile devices than computers, web designers and developers are challenged to make sites that work well on both categories of hardware — or resign themselves to the greater costs and other disadvantages of maintaining two versions of each web site (a mobile-ready version as well as one for much larger screens). Fortunately, recent advances in web technologies are making it easier to build web pages whose contents and their positioning are automatically modified to match the available screen space of the individual user. These techniques are explored in detail in a recent book, Responsive Web Design, written by Ethan Marcotte, a veteran web designer and developer." Keep reading for the rest of Michael's review. Responsive Web Design author Ethan Marcotte pages 143 pages publisher A Book Apart rating 9/10 reviewer Michael J. Ross ISBN 978-0984442577 summary A pithy tutorial on responsive web design. This title was published on 7 June 2011, under the ISBN 978-0984442577, by A Book Apart, as the fourth in their series of "brief books for people who make web sites." On the publisher's page, visitors will find brief descriptions of the book and its author, links to purchase the print and e-book versions (or the two combined, at a substantial discount), and three promotional blurbs also used on the back cover of the print version. The e-book package consists of six files: the book in EPUB, MOBI, and PDF formats; an EPUB document on responsive design for video; a letter from Jeffrey Zeldman (the book's publisher), Jason Santa Maria (its designer), and Mandy Brown (its editor); and the previous five files zipped into an archive. This book is also available in French, perhaps reflecting the publisher's greater awareness of internationalization relative to mainstream technical publishing houses.
Readers of the print version will likely be first struck by its diminutive size — just 143 pages. In fact, the book is so slender that only half of the spine title actually fits on the spine. (It's either a bold design statement against conventional publishing practices, or an even bolder typographical error committed inexplicably by a well-regarded design firm.) Flipping through the glossy pages, readers will also notice the judicious use of text color to indicate HTML and CSS code, and highlighted fragments therein. Even more visually impressive are the full-color screen shots and other figures. The book begins with the previously mentioned letter, as well as a short yet delightful foreword by Jeremy Keith; it ends with the author's acknowledgments, suggested resources, references by chapter, and a suspiciously brief index, not much longer than the author bio that follows it.
The bulk of the information is organized into five chapters — the first of which, "Our Responsive Web," presents a high-level rationale for architecting web sites that can be maximally useful on a wide range of devices, with screen sizes ranging from the smallest found on smartphones, up to widescreen TVs attached to web-enabled game consoles. Throughout the book, to illustrate the principles of responsive design, the author utilizes a fictional example web site, "Robot or Not", designed to assist users in identifying robots masquerading as humans (which would have been helpful to the crew of the spaceship Nostromo!). This short chapter is essentially just an introduction.
The author gets down to business in the second chapter, titled "The Flexible Grid," which demonstrates how grid-based layouts can be used to more easily position page elements for greater visual consistency. He goes into detail in showing how such layouts can be made flexible, with font sizes specified in character widths and positioning specified in proportions of containing elements. Experienced designers will probably not encounter any new concepts in this material. These techniques are extended in the subsequent chapter, "Flexible Images," which explains how to use percentages when working with images (both markup and CSS) and other media types — including workarounds for the browser most despised by web designers, Internet Explorer.
Media queries, introduced to the world in CSS2, are now a key technology in responsive design, and are discussed in Chapter 4, which forms the core of the book. The author shows how to use them to cause the browser to apply CSS rules selectively based upon such factors as the width of the browser viewport. All of the narrative is clear, except for the statement on page 66 that the example web site's logo is "scaled down to a nearly microscopic size" in Figure 4.2, when in fact it appears unchanged. Readers may wonder why — after noting that mobile devices do not consistently use "handheld" or "screen" as their media types — the author does not explain why the recommended media queries use "@media screen," and not "@media all" to be more encompassing. Nonetheless, the discussion of media query techniques is instructive. It continues with a look at how to use them in older browsers, using JavaScript libraries, css3-mediaqueries-js and Respond.js. Lastly, the author shows how incorporating some fixed widths into a flexible design may be an optimal approach.
The fifth and final chapter, "Becoming Responsive," discusses real world implications of responsive design. The author counters an interesting contention: web sites on mobile devices should not simply be the desktop content scaled down to a smaller screen, but instead should offer different content, more appropriate for the individual on the go. He then touches on the topic of designing sites first for mobile, rather than the traditional approach of trying to shoehorn a full-size site onto a small screen. The bulk of the chapter is devoted to presenting a workflow employed by the author in creating actual client sites. It concludes with a demonstration of how to add a slideshow using a jQuery plug-in and some custom code, so it abides by the principles of progressive enhancement.
In terms of the physical book, the quality is top-notch, and the full-color images are quite compelling. Sadly, each figure tends to bleed through to the other side of its page, but fortunately not enough to inhibit reading the text on the other side, or appreciating any of the images. The e-books are also quite readable — probably more so compared to the electronic versions of other programming books, given the smaller line lengths.
In terms of the narrative, Ethan Marcotte has a somewhat goofy writing style, replete with nerdy side comments and jokes, which some readers may regard as padding, particularly in those sections where they are quite numerous. The same may be said for the hyperbole in some spots, such as "Marvelous. Wonderful. Stupendous, even." (page 33). On the other hand, many readers may enjoy the lighthearted style, especially those jokes that work well. More importantly, the explanations are generally comprehensible and thorough. I was able to find only one erratum ("or a maybe an animation," on page 119), and the only grammatical error was the frequent use of the term "that" to refer to people, instead of "who." Otherwise, there were no glitches in the writing, and most techies will find this book a fairly quick read.
From a higher-level perspective, one sometimes hears an objection raised against web design/development books such as this one — namely: all of the book's information is freely available in articles, blog posts, forums, IRC channels, and other resources for programmers. So why purchase a static book whose author probably started writing it months if not years in the past? Such technical information is scattered among numerous websites, thereby forcing us to spend time searching around, and in many cases skipping over redundant material. Also, the advice tends to vary in quality, and hence we must distinguish what information is out of date or simply invalid. Likely every experienced developer has been tempted by an article titled such that it sounded as though it would contain the exact solution to the problem at hand — only to discover that the title was quite misleading, or the people contributing to the comments were equally befuddled (and frustrated). Technical books geared toward the working professional can obviate these problems, because they bring together most of the information known by the industry, into a cohesive whole, that is then vetted by technical reviewers and editors. In the case of this monograph, Ethan Marcotte's well-regarded seminal article, in conjunction with the other most popular articles on responsive web design, would still not be a sufficient substitute for this resource.
For web designers and developers alike, Ethan Marcotte's book is a neatly-crafted and authoritative single-source tutorial on how to build responsive web sites that will likely prove robust on a wide range of platforms.
Michael J. Ross is a freelance web developer and writer.
You can purchase Responsive Web Design from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Responsive Web Design
Michael J. Ross writes "With more people accessing the Internet using mobile devices than computers, web designers and developers are challenged to make sites that work well on both categories of hardware — or resign themselves to the greater costs and other disadvantages of maintaining two versions of each web site (a mobile-ready version as well as one for much larger screens). Fortunately, recent advances in web technologies are making it easier to build web pages whose contents and their positioning are automatically modified to match the available screen space of the individual user. These techniques are explored in detail in a recent book, Responsive Web Design, written by Ethan Marcotte, a veteran web designer and developer." Keep reading for the rest of Michael's review. Responsive Web Design author Ethan Marcotte pages 143 pages publisher A Book Apart rating 9/10 reviewer Michael J. Ross ISBN 978-0984442577 summary A pithy tutorial on responsive web design. This title was published on 7 June 2011, under the ISBN 978-0984442577, by A Book Apart, as the fourth in their series of "brief books for people who make web sites." On the publisher's page, visitors will find brief descriptions of the book and its author, links to purchase the print and e-book versions (or the two combined, at a substantial discount), and three promotional blurbs also used on the back cover of the print version. The e-book package consists of six files: the book in EPUB, MOBI, and PDF formats; an EPUB document on responsive design for video; a letter from Jeffrey Zeldman (the book's publisher), Jason Santa Maria (its designer), and Mandy Brown (its editor); and the previous five files zipped into an archive. This book is also available in French, perhaps reflecting the publisher's greater awareness of internationalization relative to mainstream technical publishing houses.
Readers of the print version will likely be first struck by its diminutive size — just 143 pages. In fact, the book is so slender that only half of the spine title actually fits on the spine. (It's either a bold design statement against conventional publishing practices, or an even bolder typographical error committed inexplicably by a well-regarded design firm.) Flipping through the glossy pages, readers will also notice the judicious use of text color to indicate HTML and CSS code, and highlighted fragments therein. Even more visually impressive are the full-color screen shots and other figures. The book begins with the previously mentioned letter, as well as a short yet delightful foreword by Jeremy Keith; it ends with the author's acknowledgments, suggested resources, references by chapter, and a suspiciously brief index, not much longer than the author bio that follows it.
The bulk of the information is organized into five chapters — the first of which, "Our Responsive Web," presents a high-level rationale for architecting web sites that can be maximally useful on a wide range of devices, with screen sizes ranging from the smallest found on smartphones, up to widescreen TVs attached to web-enabled game consoles. Throughout the book, to illustrate the principles of responsive design, the author utilizes a fictional example web site, "Robot or Not", designed to assist users in identifying robots masquerading as humans (which would have been helpful to the crew of the spaceship Nostromo!). This short chapter is essentially just an introduction.
The author gets down to business in the second chapter, titled "The Flexible Grid," which demonstrates how grid-based layouts can be used to more easily position page elements for greater visual consistency. He goes into detail in showing how such layouts can be made flexible, with font sizes specified in character widths and positioning specified in proportions of containing elements. Experienced designers will probably not encounter any new concepts in this material. These techniques are extended in the subsequent chapter, "Flexible Images," which explains how to use percentages when working with images (both markup and CSS) and other media types — including workarounds for the browser most despised by web designers, Internet Explorer.
Media queries, introduced to the world in CSS2, are now a key technology in responsive design, and are discussed in Chapter 4, which forms the core of the book. The author shows how to use them to cause the browser to apply CSS rules selectively based upon such factors as the width of the browser viewport. All of the narrative is clear, except for the statement on page 66 that the example web site's logo is "scaled down to a nearly microscopic size" in Figure 4.2, when in fact it appears unchanged. Readers may wonder why — after noting that mobile devices do not consistently use "handheld" or "screen" as their media types — the author does not explain why the recommended media queries use "@media screen," and not "@media all" to be more encompassing. Nonetheless, the discussion of media query techniques is instructive. It continues with a look at how to use them in older browsers, using JavaScript libraries, css3-mediaqueries-js and Respond.js. Lastly, the author shows how incorporating some fixed widths into a flexible design may be an optimal approach.
The fifth and final chapter, "Becoming Responsive," discusses real world implications of responsive design. The author counters an interesting contention: web sites on mobile devices should not simply be the desktop content scaled down to a smaller screen, but instead should offer different content, more appropriate for the individual on the go. He then touches on the topic of designing sites first for mobile, rather than the traditional approach of trying to shoehorn a full-size site onto a small screen. The bulk of the chapter is devoted to presenting a workflow employed by the author in creating actual client sites. It concludes with a demonstration of how to add a slideshow using a jQuery plug-in and some custom code, so it abides by the principles of progressive enhancement.
In terms of the physical book, the quality is top-notch, and the full-color images are quite compelling. Sadly, each figure tends to bleed through to the other side of its page, but fortunately not enough to inhibit reading the text on the other side, or appreciating any of the images. The e-books are also quite readable — probably more so compared to the electronic versions of other programming books, given the smaller line lengths.
In terms of the narrative, Ethan Marcotte has a somewhat goofy writing style, replete with nerdy side comments and jokes, which some readers may regard as padding, particularly in those sections where they are quite numerous. The same may be said for the hyperbole in some spots, such as "Marvelous. Wonderful. Stupendous, even." (page 33). On the other hand, many readers may enjoy the lighthearted style, especially those jokes that work well. More importantly, the explanations are generally comprehensible and thorough. I was able to find only one erratum ("or a maybe an animation," on page 119), and the only grammatical error was the frequent use of the term "that" to refer to people, instead of "who." Otherwise, there were no glitches in the writing, and most techies will find this book a fairly quick read.
From a higher-level perspective, one sometimes hears an objection raised against web design/development books such as this one — namely: all of the book's information is freely available in articles, blog posts, forums, IRC channels, and other resources for programmers. So why purchase a static book whose author probably started writing it months if not years in the past? Such technical information is scattered among numerous websites, thereby forcing us to spend time searching around, and in many cases skipping over redundant material. Also, the advice tends to vary in quality, and hence we must distinguish what information is out of date or simply invalid. Likely every experienced developer has been tempted by an article titled such that it sounded as though it would contain the exact solution to the problem at hand — only to discover that the title was quite misleading, or the people contributing to the comments were equally befuddled (and frustrated). Technical books geared toward the working professional can obviate these problems, because they bring together most of the information known by the industry, into a cohesive whole, that is then vetted by technical reviewers and editors. In the case of this monograph, Ethan Marcotte's well-regarded seminal article, in conjunction with the other most popular articles on responsive web design, would still not be a sufficient substitute for this resource.
For web designers and developers alike, Ethan Marcotte's book is a neatly-crafted and authoritative single-source tutorial on how to build responsive web sites that will likely prove robust on a wide range of platforms.
Michael J. Ross is a freelance web developer and writer.
You can purchase Responsive Web Design from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Restaurants Plan DNA-Certified Seafood Program
Restaurants across the globe will soon use DNA technology to reassure customers that they are getting what they pay for. In recent years getting "counterfeit" seafood has become a big problem. In 2007 several people became seriously ill from eating illegally imported pufferfish that had been mislabeled as monkfish. From the article: "David Schindel, a Smithsonian Institution paleontologist and executive secretary of the Washington-based Consortium for the Barcode of Life, said he has started discussions with the restaurant industry and seafood suppliers about utilizing the technology as a means of certifying the authenticity of delicacies. 'When they sell something that's really expensive, they want the consumer to believe that they're getting what they're paying for,' Schindel told The Associated Press." -
Harvard Licenses Technology For Tiny Swarming Robot
Zothecula writes "Do you think that you'll never be able to afford a robot of your own that isn't a toy? Well, if you can get Swiss robot-maker K-Team Corporation to sell you one, chances are you can easily afford a Kilobot — perhaps even a whole bunch of them. Designed and first built by Harvard University's Self-Organizing Systems Research Group, the three-legged robots aren't much larger than the 3.4-volt button cell batteries that power them, and move by vibrating across smooth, flat surfaces. They were created to study robotic swarming behavior, with the intention that tens, hundreds or even thousands of them could be used simultaneously in one experiment. Harvard has just announced that it has licensed the Kilobot technology to K-Team, which will commercially manufacture the robots so that other groups and institutions can purchase them for their own research." -
How Even a Failed AT&T/T-Mobile Deal Hurts Rivals
An anonymous reader writes "The attempted merger between AT&T and T-Mobile has fallen on hard times amid antitrust concerns, but there's a potential silver lining for T-Mobile — one that would give them a boost over competitors anyway. Reuters reports that T-Mobile USA would be entitled to a hefty breakup fee including $3 billion in cash as well as spectrum and roaming agreements. 'In a research note, Moody's said that could also lead to a network sharing deal between the two companies, reasoning that it "would make sense given the spectrum that AT&T will have to cede to T-Mobile and the 3G roaming agreement between the two." That would make life especially hard for No. 3 U.S. carrier Sprint, which has been one of the most vocal opponents of the AT&T/T-Mobile deal, going so far as to file a lawsuit. ... Smaller rivals such as MetroPCS and Leap Wireless may be affected even more because T-Mobile is eyeing similar customer segments.'" -
Valve's Gabe Newell On Piracy: It's Not a Pricing Problem
New submitter silentbrad writes with a followup to our discussion this morning about Ubisoft's claims of overwhelming game piracy. An article at IGN quotes a different point of view from Gabe Newell, CEO of Valve: "In general, we think there is a fundamental misconception about piracy. Piracy is almost always a service problem and not a pricing problem. For example, if a pirate offers a product anywhere in the world, 24 x 7, purchasable from the convenience of your personal computer, and the legal provider says the product is region-locked, will come to your country 3 months after the U.S. release, and can only be purchased at a brick and mortar store, then the pirate's service is more valuable. Most DRM solutions diminish the value of the product by either directly restricting a customers use or by creating uncertainty." The quote was taken from an interview at The Cambridge Student Online, in which Newell speaks to a few other subjects, such as creating games for multiple platforms and e-sports. -
Hard Drive Prices Up 150% In Less Than Two Months
zyzko writes "The Register reports that hard drive prices (lowest average unit prices) have rocketed 151% from October 1 to November 14th. The worst days have seen over 5% daily price increases. This is commonly attributed to the floods in Thailand, but there are concerns of artificial price fixing and suspicion that retailers or members of the supply channel are taking advantage of the situation." The number varies when you break it down to individual drives, but it seems to be in the right ballpark. Anecdotally, the drive I picked up on Oct. 14th would cost me 135% more today. The flood waters in Thailand have partially receded, but aren't expected to be completely gone until early December. The damage to the country's economy and property is measured in the tens of billions. -
$350 Hardware Cracks HDMI Copy Protection
New submitter LBeee writes "German Researchers at the Ruhr University Bochum built an FPGA board-based man-in-the-middle attack against the HDCP copy protection used in HDMI connections. After the leak of an HDCP master key in 2010, Intel proclaimed that the copy protection was still secure, as it would be too expensive to build a system that could conduct a real-time decryption of the data stream. It has now been proven that a system can be built for around $350 (€200) to do the task. However, the solution is of no great practical use for pirates. It can easily be used to burn films from Blu-ray discs, but receivers which can deliver HDTV recordings are already available — and they provide the data in compressed form. In contrast, recording directly from an HDMI port results in a large amount of data." -
$350 Hardware Cracks HDMI Copy Protection
New submitter LBeee writes "German Researchers at the Ruhr University Bochum built an FPGA board-based man-in-the-middle attack against the HDCP copy protection used in HDMI connections. After the leak of an HDCP master key in 2010, Intel proclaimed that the copy protection was still secure, as it would be too expensive to build a system that could conduct a real-time decryption of the data stream. It has now been proven that a system can be built for around $350 (€200) to do the task. However, the solution is of no great practical use for pirates. It can easily be used to burn films from Blu-ray discs, but receivers which can deliver HDTV recordings are already available — and they provide the data in compressed form. In contrast, recording directly from an HDMI port results in a large amount of data." -
Worldwide Support For Nuclear Power Drops
ProbablyJoe writes "A poll for the BBC shows that worldwide support for nuclear power has dropped significantly in the past 6 years. However, while support has dropped in most countries, the UK has defied the trend, where 37% of the public support building new reactors. Unsurprisingly, support in Japan has dropped significantly, with only 6% supporting new reactors. The U.S. remains the country with the highest public opinion of nuclear power, though support has dropped slightly. Much of the decline in approval has been attributed to the events in Fukushima earlier in the year, although a recent Slashdot poll indicated that many readers' opinions had not been affected by the events, and there was an even split between those who found the technology more or less safe since the events. With reports on the long lasting effects in Fukushima still conflicted, is nuclear power still a viable solution to the world's energy problems?" -
Microsoft Just Can't Quit Yahoo
itwbennett writes "Back in October, rumors surfaced (and then quickly subsided) that Microsoft was considering another bid to purchase Yahoo. Now the rumors are back, and this time Microsoft is said to be in talks with other prospective buyers about some kind of partnership to acquire the troubled Internet company." -
AT&T Stops T-Mobile Merger Bid With the FCC
An anonymous reader writes Relationships are tough and it looks like AT&T and T-Mobile's has stopped before it even started. From the article: 'AT&T and T-Mobile have announced that they will remove their pending applications to the FCC for their merger bid. This comes after statements from the FCC chairman 'strongly opposing the merger'. In doing so, AT&T has agreed to pay T-Mobile 4 Billion US dollars to cover accounting and other costs that this may have caused. While AT&T would still like to merge, it is unlikely that they will gain antitrust clearance from the Department of Justice. It's the antitrust aspect that this is mostly about, in that AT&T has said that they want this move to free up the FCC to consider all options, and focus both AT&T and T-Mobile on the pending antitrust.'" -
Carrier IQ Relents, Apologizes
symbolset writes "Update from an earlier story here, where Carrier IQ was pursuing a security researcher for pointing out privacy issues in an application alleged to track and record the activities of smartphone users. The company has relented, and retracted their Cease and Desist letter. In their press release [PDF] they say: 'As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.' Notch another win for the Streisand effect." -
Stanford's Free Computer Science Courses
mikejuk writes "Stanford University is offering the online world more of its undergraduate level CS courses. These free courses consist of You Tube videos with computer-marked quizzes and programming assignments. The ball had been started rolling by Sebastian Thrun and Peter Norvig's free online version of their Stanford AI class, for which they hoped to reach an audience in the order of a hundred thousand, a target which they seem to have achieved. As well as the previously announced Machine learning course you can now sign up to any of: Computer Science 101, Software as a Service, Human-Computer Interaction, Natural Language Processing, Game Theory, Probabilistic Graphical Models, Cryptography and Design and Analysis of Algorithms. Almost a complete computer science course and they are adding more. Introductory videos and details are available from each courses website." -
Stanford's Free Computer Science Courses
mikejuk writes "Stanford University is offering the online world more of its undergraduate level CS courses. These free courses consist of You Tube videos with computer-marked quizzes and programming assignments. The ball had been started rolling by Sebastian Thrun and Peter Norvig's free online version of their Stanford AI class, for which they hoped to reach an audience in the order of a hundred thousand, a target which they seem to have achieved. As well as the previously announced Machine learning course you can now sign up to any of: Computer Science 101, Software as a Service, Human-Computer Interaction, Natural Language Processing, Game Theory, Probabilistic Graphical Models, Cryptography and Design and Analysis of Algorithms. Almost a complete computer science course and they are adding more. Introductory videos and details are available from each courses website." -
Lost Russian Mars Probe Phones Home
astroengine writes "The lost Russian Mars mission Phobos-Grunt has made a surprise announcement: she's alive. According to the European Space Agency (ESA) in the early hours of Wednesday morning, a tracking station in Perth, Australia, picked up a signal from the ailing spacecraft." -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Ask Hacker and Security Gadfly Moxie Marlinspike
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system. Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post. -
Water Pump Destruction Not Due To SCADA Hack
knifeyspooney writes "According to the Springfield State Journal-Register, the city's recent public water system failure was not caused by malicious activity. One water district trustee spoke this gem: 'First, they tell us that it's the first instance of cyber hacking in the entire world, and everyone goes nuts. Now, all of a sudden, they tell us it's not.'" -
Netflix Expects To Be Unprofitable In 2012
PolygamousRanchKid writes with an article in CNN Money about Netflix's prospects in 2012. From the article: "Netflix warned in its last earnings report that it expects to be unprofitable 'for a few quarters' starting at the beginning of 2012. The primary culprit is Netflix's pricey plan to expand its streaming video service into the United Kingdom and Ireland, but a wave of subscribers jumping ship hasn't helped. The filing also revealed that Netflix is in the process of raising $400 million from investors to help bulk up its cash stash. While that will give Netflix more money to invest in content, secondary offerings are sometimes considered ominous signs." -
Netflix Expects To Be Unprofitable In 2012
PolygamousRanchKid writes with an article in CNN Money about Netflix's prospects in 2012. From the article: "Netflix warned in its last earnings report that it expects to be unprofitable 'for a few quarters' starting at the beginning of 2012. The primary culprit is Netflix's pricey plan to expand its streaming video service into the United Kingdom and Ireland, but a wave of subscribers jumping ship hasn't helped. The filing also revealed that Netflix is in the process of raising $400 million from investors to help bulk up its cash stash. While that will give Netflix more money to invest in content, secondary offerings are sometimes considered ominous signs."