Slashdot Mirror

LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.

An anonymous reader writes "The Business Software Alliance released their annual global piracy report earlier this week. In addition to the usual claims of software piracy (PDF) and the grudging acknowledgment of open source software, Michael Geist noted that the report ultimately undermined one of the BSA's core arguments — that countries which enact DMCA-style legislation experience significantly reduced piracy rates. Questions have also been raised over the BSA's methodology, as has happened in the past."

volume4 writes "The South African Department of Home Affairs has begun rolling out security enhanced passports to new applicants from this week. A facility in Pretoria which prints the new passports was officially opened last week by the minister of home affairs, Nosiviwe Mapisa-Nqakula. The new passports have an embedded RFID chip which stores the owner's biometric information, including personal details, a high-resolution colour photograph and fingerprint information."

xufem writes "Millions of Brazilian schoolchildren will soon be 'brought up right' running Linux on over 350,000 seats each using PC sharing hardware and software from Userful and KDE. This is world's largest virtual desktop deployment and probably also the world's largest Linux deployment, and seems to have been selected over OLPC by Brazil. Definitely a moment to celebrate — and just in time for Brazilian Carnival which starts tomorrow!"

pnorth writes "A hacker has shown how easy it is to clone US passport cards that use RFID by conducting a drive-by test on the streets of San Francisco. Chris Paget, director of research and development at Seattle-based IOActive, used a $250 Motorola RFID reader and an antenna mounted in a car's side window and drove for 20 minutes around San Francisco, with a colleague videoing the demonstration. During the demonstration he picked up the details of two US passport cards. Using the data gleaned it would be relatively simple to make cloned passport cards he said. Paget is best known for having to abandon presenting a paper at the Black Hat security conference in Washington in 2007 after an RFID company threatened him with legal action." Apparently this is a little unfair — he sniffed the data, he didn't actually make a fake passport.

schliz writes "Flash memory chips with a potential lifetime of hundreds of years have been developed by Japanese scientists. The new chips also work at lower voltages than conventional chips, according to the scientists from the University of Tokyo. They are said to be scaleable down to at least 10 nm; current Flash chips wouldn't be usable below 20 nm."

An anonymous reader writes "Krugle, a software search company, had some time on its hands — it compared frequency of mentions in open source code of presidential candidates, Beelzebub and yes, Britney Spears." I wish they'd link to a nice long list of the other terms this revealed — there are probably a lot of subtler funny references and asides.

An anonymous reader writes "Google has previously used coding competitions to locate top talent. In a new twist on the idea, an anonymous tech company is posting a help-wanted ad that challenges developers to find out who the company is. A little digging and text mashing reveals a website containing a Web 2.0 puzzle that makes notpron look like child's play. So, fellow developers, who is this company, and, well, what is the significance of the date '01-18-08?'" Update: 12/12 20:20 GMT by KD : Replaced link to a removed Craigslist ad with a mirror.

An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"

An anonymous reader writes "Via Groklaw comes comments from Microsoft's Steve Ballmer at a UK event, in which the company once again threatens Linux distributions that haven't signed up with their program. '"People who use Red Hat, at least with respect to our intellectual property, in a sense have an obligation to compensate us," Ballmer said last week ... Ballmer praised Novell at the UK event for valuing intellectual property, and suggested that open source vendors will be forced to strike similar deals with other patent holders. He predicted that firms like Eolas will soon come after open source vendors or users. Microsoft paid $521m to settle a patent claim by Eolas in August.'"

pete314 wrote to say that "Electronic Arts had broken its WWDC promise to launch games for OS X on the same day as the Windows version." Thankfully, the company has come through, with four new titles now available for order: Battlefield 2142, Harry Potter and the Order of the Phoenix, Need for Speed Carbon, and Command & Conquer 3 Tiberium Wars . Thanks to mr100percent for the update.

csuftech writes "According to an article posted on vnunet, Google is pledging to bid at least $4.6bn for the FCC's upcoming auction of the 700MHz spectrum. However, Google would only be willing to pay said amount if the FCC agreed to a few conditions, namely, 'the wireless spectrum would allow consumers to download and use any software apps and content they want; allow handhelds to be used with any carrier; enable resellers to acquire wireless services at wholesale costs; and mandate that third parties such as ISPs interconnect at any point on the 700 megahertz band.' All this was disclosed in a letter [PDF] to FCC president Kevin Martin written by Google CEO Eric Schmidt."

pete314 writes "A Vnunet.com article claims that European mobile operators are unwilling to concede to Apple iPhone partnership demands. Several operators went as far as to say they 'will never offer the iPhone.' In the US, Verizon reportedly passed on the device, and AT&T is rumored to have engaged in a revenue-sharing deal that includes monthly payments to Cupertino." In Europe, unlike in the US, Apple has the option of selling the iPhone through its own dealer network without a simlock.

pete314 writes "Red Hat announced this week at their San Diego Red Hat Summit that they are planning to compete with Microsoft on the desktop by building an 'online desktop' that will integrate local data with online services. Red Hat CTO Brian Stevens argued that: 'To user the desktop metaphor is dead. We don't believe that recreating a Windows paradigm in an open source model will do anything to advance the productivity in the life of users.'"

orbitalia writes "The UK is heavily involved in the JSF (Joint Strike Fighter program) but has recently considered abandoning the project because the US refuses to share the source code. The UK had intended to purchase $120 billion dollars worth of aircraft to operate on two new aircraft carriers, but is now seriously considering Plan 'B'. This is likely to be further investments in the Eurofighter Typhoon project." From the article: "It appeared that Tony Blair and George Bush had solved the impasse in May, when they announced an agreement in principle that the UK would be given access to the classified details on conditions of strict secrecy. The news was widely seen as evidence that the Prime Minister's close alliance with the American President did have benefits for Britain ... 'If the UK does not obtain the assurances it needs from the US then it should not sign the Memorandum of Understanding covering production, sustainment and follow-on development,' the MPs insisted."

pete314 writes "Microsoft has been provided with a number of test models of Nicholas Negroponte's One Laptop per Child computers and is trying to get Windows installed on them. The current design runs a custom version of Red Hat's Fedora Linux. Running Windows will take quite a bit of additional memory: the OLPC has 512Mb of Flash, where XP requires a minimum of 1.5Gb storage."

pete314 writes, "Open source databases can cut the total cost of ownership of a database by up to 60% compared to the cost of running proprietary databases from Oracle, Microsoft or IBM. According to data collected by Forrester Research, the savings average about 50%. Open source databases however still struggle to reach mission-critical enterprise applications because enterprises perceive them to be less secure and stable."

An anonymous reader writes "Novell is providing Eben Moglen's Software Freedom Law Center with confidential access to the legal terms of the Novell-Microsoft partnership, allowing to organization to verify if the deal is compatible with the GPL2 and GPL3 licenses. Moglen in the past has alleged that the patent license between the two companies could be in violation with section 7 of the GPL. Novell on Tuesday published a document on its website, explaining that they circumvented the GPL provisions by providing a patent license to the end user rather than between the two companies."

Dell has finally shipped its first AMD-based servers incorporating Opteron processors. "The firm used an Oracle conference to launch the four-chip PowerEdge 6950, shipping at $6,499, which it said is targeted at the low-end database market. It also announced the low-end dual Opteron processor PowerEdge SC1435 selling at $1,299." Dell is expected to position the servers at particular sectors such as web server and database markets.

AMD is one step closer to acquiring ATI. The proposed takeover has been approved under the Investment Canada Act, satisfying one of the conditions to completing the acquisition. There are still a few more hoops to jump through, but the deal is expected to become final the week of October 23rd. "In order to convince the Minister of Industry AMD has committed to expanding its research and development in Canada and will nominate a Canadian citizen for election to AMD's board."

jayp00001 writes, "A Taiwan-based maker of DVDs and CDs for major studios is about to begin putting RFID chips in disks. The eventual aim is for DVD and CD players equipped with an RFID reader to prevent copied or out-of-region disks from being played."

wysiwia writes "Stuart Cohen, CEO of OSDL, said during an interview with vnunet.com at the LinuxWorld conference in San Francisco that it's 'inevitable' that Microsoft will release a version of Office to run on Linux within the 'next couple of years'. But when one reads the OSDL survey about the 'Top inhibitors of Linux desktop adoption' this 'next couple of years' might mean quite a long time. This leads to the question, has Stuart Cohen read his own survey and how does he overcome these inhibitors so MS really will think about MSOffice for Linux." I think the bigger question is 'In reality, how likely is Office for Linux?' I'm not sure that I agree with his assumption.

thePowerOfGrayskull writes "Sun is now stating that the Hotspot JVM and javac will be open-sourced in October of this year, with the rest to follow by the end of 2007. There is still no word as to which license it will be released under. For those who haven't seen it yet, Sun has previously opened a public developer community site for soliciting feedback and providing updates about the process."

MetaNick writes "It seems with every worldwide sporting event, e.g., Olympics, World Cup, we hear warnings of a "meltdown" as more and more broadband users attempt to stream video of the event to their browsers. And such predictions have just begun for the World Cup just getting underway: World Cup streaming to cause network meltdown, World Cup by broadband endangers networks. Has this ever really happened? Will it happen with this the World Cup just getting underway? I tend to doubt it. I looked for articles discussing how predictions of meltdowns did NOT come to pass, but I couldn't find any."

Aquafinality writes "A new IM worm discovered recently takes the novel step of installing its own web browser onto the victims PC. Ironically titled "The Safety Browser", its default settings actually make your PC less secure - switching on pop-ups, changing your home page and hijacking your desktop with a looped music track that plays every time you switch your computer on. It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam? Or is IM safety a lost cause?"

pete314 writes "After resisting for years, Sun Microsystems CEO Jonathan Schwartz at JavaOne this morning said that he will release the source code for Java. The company is asking developers to provide feedback on how to best get there and prevent forking and fragmentation."

Erwin_D writes "Under the guise of banning spam, China has ruled that running your own e-mail server has been banned, unless you have a license. To qualify for such a license, an 'e-mail service provider' must abide by some chilling rules: all e-mail must be stored for two months, and e-mail with discussing vaguely defined subject as network security or information security may not be transmitted. While the rules contains all the good measures we would all like to see to combat spam, such as prohibiting open relays and outlawing zombie network, the law is also geared toward controlling free speech. From the article: 'I believe that the intent to have an antispam regulation was a good one ... Unfortunately, it seems like during the policy formulation process, it got hijacked and went to one extreme.'"

An anonymous reader writes "VNUNet is reporting that a company called InPhase Technologies claims they have successfully recorded 515GB of data per square inch to capture the record for highest data density. From the article: 'InPhase promised to begin shipping the first holographic drive and media later this year. The first generation drive has a capacity of 300GB on a single disk with a 20Mbps transfer rate. The first product will be followed by a family ranging from 800GB to 1.6TB capacity.'"

An anonymous reader writes ""The UK has warned America that it will cancel its £12bn order for the Joint Strike Fighter if the US does not hand over full access to the computer software code that controls the jets" Lord Drayson, minister for defense procurement, told the The Daily Telegraph that the planes were useless without control of the software as they could effectively be "switched off" by the Americans without warning."

digitalsurgeon writes "The University of Wisconsin [ed: Go Badgers] has launched a Mac OS X Security challenge, in response to a 'woefully misleading ZDnet article'. From the site: 'The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open.' Are you up to the task? Can you prove ZDNet wrong, or can you show that Mac OS X can really be hacked in less then 30 minutes? More information about the challenge is at http://test.doit.wisc.edu/ The challenge ends Fri 10 March 2006 10:00 AM CST." Update: 03/07 14:32 GMT by Z : Commentary on the contest and original claim is available at VNUNet

greyfeld writes "South Korean lawyers have filed a class action lawsuit against NCSoft related to the identity theft of 230,000 people whose information was then used to register accounts on Lineage and Lineage2. From the Vnunet article: 'Most of the identify thefts took place over the past six months as underground gaming syndicates stole victims' official Korean ID numbers in hacking attacks and used them to register hundreds of thousands of Lineage accounts...the new accounts were then 'farmed' by low paid workers in Chinese gaming sweatshops to generate 'gold' and other game-world items that could be sold for real world cash.'"

inc_x writes "Developers from OpenOffice.org are urging Sun to set the project free and bring it under a foundation. Sun's dominance over the project makes other companies such as IBM, Redhat and Novell reluctant to contribute more. Both Mozilla and Eclipse managed to attract an increasing number of developers after the projects were moved over to an independent foundation."

Barry Norton writes "VNUNet reports that the Photocasting feature in Apple's iPhoto application violates core XML and RSS standards. Perhaps the worst part is that, in many cases, this isn't even a case of 'embrace and extend', but just plain doing it wrong. Dave Winer, essentially the creator of RSS, says, 'It's pretty bad. There are lots of errors, the date formats are wrong, there are elements that are not in RSS that aren't in a namespace.'"

Skal Tura writes "Samsung will start producing 16 gigabit Nand Flash chips this year, nudging the memory technology towards use in notebook PCs and maybe even edging out hard drives in some products in the next few years."

Rollie Hawk writes "Although storage space is no longer the premium it once was, physical backups and external media have been slow to catch up. While recordable DVDs may be fine for backing up a single workstation, large servers are still forced to rely on swappable drives and tape backups. But holographic disc technology could be changing all of that in the very near future. Holographic Versatile Discs (HVDs) have been in the works for some time now by various companies, including InPhase Technologies (formerly part of Lucent) and Japan's Optware (which claimed to have made the first recording of a movie on a holographic disc last year). InPhase's HVDs, scheduled for release in 2006, are said to hold 300GB of data, 60 times that of a conventional DVD with only a slight increase in size. That translates to more than a day's worth of HD-quality video. Not to mention the drives themselves can read and write at ten times the speed a normal DVD drive. One of InPhase's partners in HVD research, Maxell, is working towards even more storage on a 1.6TB disc."

chrisbtoo writes "Nokia's VP of corporate strategy has admitted that the company's ill-fated N-Gage was not the success they'd hoped it would be, and they won't develop the platform further. The device sold 2 million units in 3 years, against projections of 6 million. They'll continue to build the gaming software into their Series 60 phones, but gaming won't be a priority for them until 2007." From the article: "The company launched the N-Gage in 2003 but sales have been disappointing and, according to the company's roadmap, mobile gaming will not be a focus until 2007. Nokia is concentrating on mobile music for the rest of this year, and next year's main push will be on driving mobile television."

maxifez writes writes to tell us that Microsoft has released yet another independent study downplaying the viability of Linux at the enterprise level. The study claims that Windows is "more consistent, predictable, and easier to manage than Linux." From the article: "The study, commissioned by the software giant from Security Innovation, a provider of application security services, claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts." Vnunet.com has also provided a PDF of the original report.

maxifez writes writes to tell us that Microsoft has released yet another independent study downplaying the viability of Linux at the enterprise level. The study claims that Windows is "more consistent, predictable, and easier to manage than Linux." From the article: "The study, commissioned by the software giant from Security Innovation, a provider of application security services, claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts." Vnunet.com has also provided a PDF of the original report.

FlorianMueller writes "According to a VNUnet report, Shai Agassi, the president of the product and technology group at SAP, disparaged open source as 'more likely to break applications' than to deliver innovation. He also equated the open-source development model with 'Intellectual property [IP] socialism,' which he says 'is the worst that can happen to any IP-based society.' In Europe, it isn't a secret that SAP's management primarily views open source as a threat to its business, and that SAP is politically on Microsoft's side. SAP and Microsoft co-financed certain pro-patent lobbying activities in Europe, and recently co-founded the European Software Association, an entity that is expected to lobby for software patents and against open-source adoption by European governments."

Captain Chad wonders: "With the recent news of a 1.5-million node botnet, as well as the AIM rootkit worm, I'm getting a bit concerned about whether my PC may be a zombie. I'm seeing a lot of internet activity, even when nothing is running, and I've checked the process explorer for obvious tasks to no avail. I apply patches as soon as they're released, and my antivirus/spyware programs report nothing. How do I determine if my PC is a zombie, and if it is, how would I de-infect it?" On this same vein, college campuses are often prime breeding grounds for undead-boxen. bcrowell adds: "I'm a teacher at a community college where Windows is the only supported OS -- if you ask the school to put machine on your desk, you get a Windows box. Faculty who want to run MacOS or Linux have had to provide their own machines, and those who want to do PowerPoint presentations for their classes have been told that they have to buy their own laptops and bring them in.

Now Academic Computing has announced a new policy: any unauthorized use of the network, such as plugging in your own computer to a port, is prohibited, and will result in disciplinary action. There are supposedly plans to enforce this rule automatically with hardware and software. Great consternation has ensued in the faculty senate, and the manager who wrote the policy has explained that it is basically aimed at the problem of improperly maintained teachers' machines getting '0wned'. A little ironic, because the Windows boxes maintained by the computing folks keep getting infected by worms. Still, it's not an unreasonable concern; many teachers are clueless. In fact, I wouldn't pretend to know enough to keep a Windows machine secure on a public network, although I haven't had any problem with the FreeBSD box on my desk. Any suggestions on how to deal with this? Effective arguments to use? Good educational resources to point people to so they can learn how to keep their Windows boxes secure? Many of my colleagues seem to think that security mainly involves buying antivirus software."

pete richards writes "Signalling a trend towards increased 'outsourcing' of some elements of malware creation, worm authors are increasingly turning to commercially available rootkits to help their creations slip past virus detection engines. Those root kits in the mean time are becoming more professional. Antivirus vendor F-Secure reported last week that it had detected a first rootkit designed to bypass detection by most of the modern rootkit detection engines."

pete314 writes "A Florida court this Friday will hear arguments in a case where the accuracy of a breathalyzer is being scrutinized because the manufacturer refuses to release the source code. A state court ruling last year said that accused drunk drivers are entitled to receive details about the inner workings of the "mystical machine" that determined their guilt, and defense attorneys are now using that ruling to open up the device's source code.Is this part of a larger trend? With software bugs being a fact of life, consumers and organizations could claim that they need to be able to verify an application's source code before they accept that their calculations are accurate. Think credit card transactions, speed detecting radar guns, electronic voting machines..." Here is our previous story when this first became an issue in Florida.

pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."

Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

spac writes "It seems that Apple has chosen to use the Trusted Platform Module chip to ensure that Mac OS X can only run on Apple Hardware. The report from vnunet states that the chips contain a unique identifier, which can be used to determine the manufacturer of a PC as well as facilities for data encryption. "

bonch writes "Formerly known as Palladium, Next Generation Secure Computing Base (NGSCB) will not be fully available in Windows Longhorn after all. Instead, Longhorn will offer "the first part of NGSCB: Secure Startup," says Jim Allchin, Microsoft's group vice president for platforms. However, most hardware will not support this technology on release."

wassup writes "According to this article in MIT tech review (and here), researchers at University of California San Diego have developed a technology called SyncScan that will reduce handoff delay in WiFi networks to a few milliseconds. VoIP roaming will be here soon!"

DanMan writes "Adobe has released a reader client (Adobe Acrobat Reader 7.0) for the linux operating system. No news on open sourcing the client, but they're making a start. You can download the client from their site."

Elteto writes "Just when we thought the DVD could not be any more ubiquitous, Serge Tchuruk at the Alcatel Forum in Paris announces that the days of the rapidly adopted medium are nearing their end. The increasing availability, affordability, and speed of broadband will contribute to a more efficient delivery method of media content. Will DVD join LaserDisc in obscurity?"

Pinawella writes "It's reported on VNUnet that 'Enemies of Linux' are trying to undermine the OS with a campaign of disinformation. It's based on an interview with an exec from the Open Source Development Labs, but who are these enemies?"