Slashdot Mirror

Em Adespoton writes "At DEFCON this year, Moxie Marlinspike gave an excellent presentation showing how broken the current SSL certification model is and proposing a replacement. Naked Security adds to the issue, asking: does it even matter if you can trust your certificate notaries?"

Em Adespoton writes "It was a computer security story that made headlines around the world, involving the private emails of a woman who could have become Vice President of the United States. And now, it's ended with a young man sent to a federal prison, hundreds of miles from his family home. David C Kernell, the hacker who broke into Sarah Palin's personal Yahoo email account, is reported to have been sent to jail despite a judge's recommendation that he should not be put behind bars."

chthonicdaemon writes "I have been using Linux as my primary environment for more than ten years. In this time, I have absorbed all the lore surrounding the Unix Way — small programs doing one thing well, communicating via text and all that. I have found the command line a productive environment for doing many of the things I often do, and I find myself writing lots of small scripts that do one thing, then piping them together to do other things. While I was spending the time learning grep, sed, awk, python and many other more esoteric languages, the world moved on to application-based programming, where the paradigm seems to be to add features to one program written in one language. I have traditionally associated this with Windows or MacOS, but it is happening with Linux as well. Environments have little or no support for multi-language projects — you choose a language, open a project and get it done. Recent trends in more targeted build environments like cmake or ant are understandably focusing on automatic dependency generation and cross-platform support, unfortunately making it more difficult to grow a custom build process for a multi-language project organically. All this is a bit painful for me, as I know how much is gained by using a targeted language for a particular problem. Now the question: Should I suck it up and learn to do all my programming in C++/Java/(insert other well-supported, popular language here) and unlearn ten years of philosophy, or is there hope for the multi-language development process?"

deblau writes "NASA's Spitzer Space Telescope has captured for the first time enough light from planets outside our solar system, known as exoplanets, to identify signatures of individual molecules in their atmospheres. The landmark achievement is a significant step toward being able to detect possible life on rocky exoplanets and comes years before astronomers had anticipated."

theslashdot asks: "I'm working at a major university in the US, and have been charged with posting pod-casts of class lectures on the internet. The problem is whether or not posting the videos would allow students to skip class and just download the lecture, instead. I guess the problem is trying to strike the right balance between allowing good students to take advantage of this resource, but discourage bad students from staying at home all the time and watching all the lectures right before the exam. So what methods can be used to provide these pod-casts for the students who actually attended class? In terms of when the lecture should be posted, what would be a good time-frame? Immediately after the class? 24 hours? One week? One class behind schedule?" "In terms of trying to prevent this, here are some possible solutions I've come up with:

- Post the lecture with authentication based on the class list for those enrolled in the course, although this would not really discourage truancy.

- Post the lecture with authentication based on those who attended the class (student cards would have to be barcode-scanned at the beginning of class); this would prevent those who missed the class from downloading the lecture, but presumably they could receive a copy from a student who did attend the class. Additionally it would create a major hassle for all students to ensure that their attendance is registered.

- Post the lecture with a single password that the professor distributes to the class during the lecture. This would discourage students from missing the lecture, but likely those students missing class could simply obtain the password from another student who did attend the class."

deblau writes "Wired is reporting that the federal government intends to invoke the rarely used 'State Secrets Privilege' in the Electronic Frontier Foundation's class action lawsuit against AT&T. The case alleges that the telecom collaborated with the NSA's secret spying on American citizens. The State Secrets Privilege lets the executive branch step into a civil lawsuit and have it dismissed if the case might reveal information that puts national security at risk."

deblau writes "On July 27, scientists at the National Nuclear Security Administration's Nevada Test Site said they generated a current equal to about four times all the electrical current on Earth. During the few millionths of a second that it operated, the 650-ton Atlas pulsed-power generator discharged about 19 million amps of current through an aluminum cylindrical shell about the size of a tuna can. Official news release is available from the DOE (PDF)."

Em Adespoton writes "Core Security researchers discovered that by electing a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

martensitic writes "eWeek reports that Phoenix has developed a utility allowing users of its laptop DRM BIOS (last discussed here) to 'check their Outlook data on a notebook computer without needing to boot the machine.' Since Longhorn is still several years away, Pheonix is developing their own trusted apps to sell the BIOS to laptop manufacturers. One can only imagine what other innocuous bells and whistles will be used to leverage DRM onto Joe Laptop's machine."

apirkle writes "As reported in this article on EEtimes.com, NEC has claimed today that they own 'essential patents' on carbon nanotubes, and that all companies who make or sell nanotubes must purchase a license. NEC has a press release stating that they have already sold a license."

Bagels writes "A new article on MSNBC (coming originally from Space.com) reports that the both Rovers may have struck water in the form of brine. The Opportunity rover found hints of salty water in the trench that it dug, and scientists note that the Spirit rover is currently digging a trench of its own to investigate the soil that clings to its treads, suggesting the possibility of moisture. The brine would only be small amounts of water mixed with salt, which can exist in liquid form at very low temperatures. More images are available over at NASA's rover site." Reader frovingslosh would like to add: "I'm just hoping that when you get around to posting one of the many stories that the rover has found mud on Mars that you might include a link to the slashdot article where I predicted this but got moderated as 'funny'." Done!

hendridm writes "The new 5.0-alpha release of MySQL includes the addition of stored procedures, as well as other advances designed to enhance the development of large-scale enterprise database applications. The MySQL 5.0 alpha development release is now available for testing and evaluation by the open source community. There's more info via CNET News, or you can download your copy today."

wrenhunt writes "The Speak Freely site has this: 'On January 15th, 2004, Speak Freely will be discontinued and removed from this Web site. Existing users may continue to use the program as long as they wish, but no further releases will be forthcoming. For details and the reasons why Speak Freely is being discontinued, please see the full end of life announcement.'" The reasons are various and interesting; it's graceful of the author to provide an explanation of why a piece of software is going away. Update: 01/11 19:22 GMT by T : As reader pi_rules points out, this story is a duplicate -- my apologies.

Dteyn writes "I heard on the radio today that Wal-Mart will soon be opening up an online music store to compete with the likes of Apple's iTunes and Napster. According to the radio newsguy, it's expected to be officially announced as early as next week. Looks like this 'digital music' thing is starting to catch on with the bigwigs. Finally."

virtualXTC writes "There is an article in Nature today about Shadow's (Craig Venter's dog) sequence being released and freely available to the public (a rare trend in biotech). Craig Venter is generally regarded as the person responsible for getting the human genome sequenced years ahead of schedule using his own DNA and shotgun sequencing approach."

Vicegrip writes "Apparently Sun not only bought extra licenses from SCO, but also obtained the option to buy a nice stake in the company: 'The pact, signed earlier this year, expanded the rights Sun acquired in 1994 to use Unix in its Solaris operating system. But there's more to the relationship: SCO also granted Sun a warrant to buy as many as 210,000 shares of SCO stock at $1.83 per share as part of the licensing deal, according to a regulatory document filed Tuesday.'" A reader points out Ransom Love's 2000 Linuxworld keynote speech.

A not-so Anonymous Coward asks: "I have searched the web for links on how to make VNC work with Windows XP fast user switching, and all I have seen is people saying that they cannot get it to work. I would now like to ask the Slashdot community to give it their shot, and see if they cannot find a way to make your standard VNC utilities cooperate with Windows XP fast user switching. For those who don't know what the problem is; when using fast user switching, if you switch users (without logging out) from the first user to log on then VNC comes up with a blank screen. Hopefully someone can come up with a fix for this." It sounds like (and I might be way off base here)Windows isn't necessarily running multiple desktops for its fast user switching, and once the switch occurs from the user running the VNC process, that VNC then somehow loses rights to the desktop. It would be interesting to note if VNC sessions will work once the desktop is switched back. Has anyone else tried getting this to work? Have you run into the same problems, or were you able to find a solution?

Undaar asks: "I work as a developer for a web development company. We were pretty hard hit (as were many companies that do what we do) by the "economic down-turn". The company went from over 500 people to under 200 in under two years. It's more stable now, but people are consistently laid-off. Consequently people feel like they always have to look over their shoulder to avoid getting fired. Most lunches are spent complaining about lack of enjoyment/challenge from the job and the fact that upper-management seems not to understand what we do. Employers: what have you done to improve employee morale in your company? As an employee, what can I do to improve the morale in the people I work with? How can I make my work environment more enjoyable? What kind of constructive suggestions can I take to management so that they can help improve the situation?"

indros13 writes "The NY Times is running a story on the radio tagging of merchandise. Companies like Gillette want to make sure their razors are in stock and stores like Wal-Mart want to make sure you can find your paisley panties, size 10. But what happens to privacy when everything you buy can be tracked from store floor to door?"

bmooney28 asks: "After maintaining a single permanent email address through 8 years and five ISP's (via a forwarding service), I lost it all in a day. My first sign of trouble came when I found a message undeliverable email in my inbox containing hundreds of failed email addresses. Apparently, my email address had been pasted as the return address in a mass mailing similar to this one sent to hundreds of random recipients. This process repeated a few times over the next day or so, effectively blacklisting my email address on various master lists and adding my address to thousands of random address books (virus magnets). In the past, I have had a great deal of luck fighting off SPAM and other unwanted email via throwaway email addresses and preemptive email filtering. Now, the email address that I use to communicate with friends, former students, and coworkers around the world is useless. Have any of you ever found yourself in a similar situation? Are there any legal steps that I could take against this company?"

jqh1 asks: "I'm the "inventor" of spamgourmet, a fairly un-obvious approach to spam prevention through auto-create/expire email addresses. I'm fully committed to keeping the software free for all to use. Recently, I've seen other 'patent pending' disposable email address services that are not immediately forthcoming about their own processes. I don't have the time or resources to monitor and challenge patent applications, but I'm afraid that if I ignore them, I'll regret it. Should I seek patent protection for this open source software? If so, is there a way to do it without losing all semblance of an open source project?"

pinkUZI writes "NYTimes ran an article yesterday about a new material, created by a general manager at Integral Technologies, that would enable use of the plastic mold of a cell phone as its Antenna. Pretty neat, as it actually increases the size of the antenna while decreasing the footprint."

jqh1 asks: "I have a voice capable modem somewhere around here -- I've dabbled in Windows based answering machine software without success and now use a plain old answering machine (the frustrating kind). I have a 100mbs home network that includes a linux box right next to a phone jack. What's the best way to rig up a reliable answering machine system on that box, and rig it so that message are accessible from any other computer (incl. some windows boxen). I have some half baked ideas (using audix-type software and samba), but I'd love to hear suggestions."