Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
-
NULL Pointer Exploit Excites Researchers
Da Massive writes "Mark Dowd's paper "Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" has alarmed researchers. It points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. Already, the small but growing group of Information Security experts who have had the chance to read and digest the contents of the paper are expressing an excited concern depending on how they are interpreting it. While the Flash vulnerability described in the paper [PDF] has been patched by Adobe, the presentation of a reliable exploit for NULL pointer dereferencing has the researchers who have read the paper fascinated. Thomas Ptacek has an explanation of Dowd's work, and Nathan McFeters at ZDNet is 'stunned by the technical details.'" -
Gartner Analysts Warn That Windows Is Collapsing
spacefiddle writes "Computerworld has an article about a presentation from Gartner analysts in Las Vegas claiming that Windows is 'collapsing', and that Microsoft 'must make radical changes to the operating system or risk becoming a has-been.' Michael Silver and Neil MacDonald provided an analysis of what went wrong with Vista, and what they feel Microsoft can and must do to correct its problems. Larry Dignan of ZDNet has his own take, and while he agrees, he suggests that the downfall of Windows will be slow and drawn-out. As an interesting tangent to this, there's also a story from a few days prior about Ubuntu replacing Windows for a school's library kiosks, getting good performance out of older hardware. '[Network administrator Daniel] Stefyn said he was "pleasantly surprised" to discover that the Kubuntu desktops ran some applications faster with Linux than when they ran on Windows. An additional benefit of Windows' departure from student library terminals saw the students cease 'hacking the setup to install and play games or trash the operating system.'" -
The Texas Petawatt Laser
Roland Piquepaille notes the hype surrounding what the University of Texas at Austin is calling the world's most powerful laser. During a tenth of a femtosecond this laser is 2,000 times more powerful than all the power plants in the US, and is brighter than sunlight on the surface of the Sun. On his own blog Roland points out that UT's is not the first petawatt laser; that distinction belongs to a system installed at Lawrence Livermore National Laboratory in 1996. -
OOXML Rumored to be Approved, Announcement Wednesday
dominux writes "Rumors are already circulating that Microsoft's OOXML has been voted in by the standards board. The Open Sourcerer claims to have results of the ballot on dis29500. According to the site Microsoft managed to flip enough countries to make it stick. 75% of the P members who didn't abstain voted for Microsoft (That is 58% of all the P members). 14% of all the P and O members voted to disapprove it, this includes all the new O members that joined just in time to cast their vote. Norway has asked that their vote be suspended due to voting irregularities, but it would take more than that to make a difference to the result. ZDNet is still playing it cautious, noting that an announcement either way is set to be made on Wednesday." -
Photoshop Express Terms of Use Cause Stir, Will Be Revised
Earlier this week, we discussed Adobe's beta launch of Photoshop Express, a free, online version of the popular image editing software. However, as a number of readers pointed out, the terms of use included language which granted Adobe a wide range of rights to any photos that were made available on the site. Now, after receiving a great deal of feedback from potential users, Adobe has stated their intent to rewrite the terms of use, as Ars Technica reports. David Morgenstern of ZDNet also notes the impending change, and briefly discusses the privacy and ownership concerns involved with content you post online. -
Fixing the Unfairness of TCP Congestion Control
duncan99 writes "George Ou, Technical Director of ZDNet, has an analysis today of an engineering proposal to address congestion issues on the internet. It's an interesting read, with sections such as "The politicization of an engineering problem" and "Dismantling the dogma of flow rate fairness". Short and long term answers are suggested, along with some examples of what incentives it might take to get this to work. Whichever side of the neutrality debate you're on, this is worth consideration." -
A Super-Efficient Light Bulb
Chroniton writes with news of a Silicon Valley company, Luxim, that has developed a tiny, full-spectrum light bulb, based on a plasma of argon gas, that gives off as much light as a streetlight while using less power. The Tic Tac-sized bulb operates at temperatures up to 6000K and produces 140 lumens/watt, almost ten times as efficient as standard incandescent lamps, and twice the efficiency of high-end LEDs. The new bulbs also have a lifetime of 20,000 hours. There's no mention of mercury or other heavy metals, which pose a problem for compact fluorescents. -
Can REDFLY sell in an EeePC market?
palmsolo (aka Matthew Miller) writes "I was lucky enough to get a chance to evaluate an early beta of the REDFLY device and just posted some initial impressions at ZDNet. As a person who commutes on the train 2 hours every day and usually always has a Windows Mobile device in tow, this is actually a perfect device for me; real productivity is possible with text entry and enjoy surfing on a larger display. However, at $500 can this device really compete in the Asus EeePC market or will it die like the Palm Foleo?" -
A Robotic Taxi Named robuCAB
Roland Piquepaille writes "According to ICT Results, an EU-funded project named Embounded 'has achieved the twin, and apparently contradictory, goals of making embedded systems both smarter and tougher.' One example is the robuCAB, a '4 seat automated people mover' developed by a French company and built from a 4 wheel-drive electric chassis with on-board PC. This autonomous vehicle follows the curb and carries several embedded systems, with one camera on the path edge, another device tracking the angle and direction of the curb, while others control the gearing and acceleration. robuCABs are not totally independent. They move over pre-defined circuits which contain a series of sensors below the ground. But read more for additional references and a picture of two robuCABs on the road." -
Tivo On Board With YouTube's New API
impuLsive writes "YouTube has announced they're rolling out a brand new API. The API will allow you to integrate YouTube into a website, allowing for features like: uploading videos, adding and editing video metadata, fetching localized feeds, custom queries, and a customized player UI with controlled video playback. Alongside YouTube, TiVo announced that they will be supporting the site's content via the Series3 and TiVo HD DVRs starting later this year." -
Pakistan YouTube Block Breaks the World
Allen54 noted a followup to yesterday's story about Pakistan's decision to block YouTube. He notes that "The telecom company that carries most of Pakistan's traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISPs must block access to YouTube because it was a source of blasphemous content. YouTube has announced more granular routes so that at least in the US they supersede the routes announced by PieNet. The rest of the world is still struggling." -
SP1 Unsuccessful in Preventing Vista Hacks
"The other A. N. Other" writes "It seems that Microsoft has been unsuccessful with SP1 in preventing hackers from turning a pirated, non-genuine copy of Vista into genuine copies that pass activation. The article initially looked at two of the most popular hacks (OEM BIOS hack and the grace timer hack) but after a little digging ZDNet were able to transform a non-genuine install into a genuine one. 'After a few minutes of searching the darker corners of the Internet and a few seconds in the Command Prompt I was able to fool Windows into thinking that it was genuine.'" -
WGA Under Vista SP1 Is Kinder and Nags More
DaMan writes in with a ZDNet blog entry on Windows Genuine Advantage under Vista SP1. It seems that the draconian features present in Vista RTM have been replaced by nag screens and annoyances such as repeatedly changing the desktop background to black. But WGA no longer turns off Aero and ReadyBoost or logs you out after an hour. -
Is Open Source Recession Proof?
DaMan writes "ZDNet asks Is open source recession proof? 'So, how might a recession affect open source software? Well, first off, I think that any business model that relies on volunteers could certainly see interest decline if times get tough. There are a lot of businesses that rely on people working for them for free because they get a pay check somewhere else, and I think that a recession would make people question working without getting any dollars in return.'" -
Microsoft Buys Search Engine, Going After Google?
obsolete1349 writes "Microsoft has just bid 1.2 billion dollars for FAST (Fast Search And Transfer [Microsoft to use a self-recursive acronym?]), an enterprise search company. 'Microsoft can bundle FAST with its Microsoft Office SharePoint Server' with its soon-to-be-customers Comcast, Disney, Microsoft, Pfizer, and UBS." -
The Final CES Keynote From Bill Gates
Sunday evening saw the final CES keynote delivered by Bill Gates in his current role with the Microsoft corporation. Speculation about big announcements generally seemed to be for naught, as his last address at the show focused more on broad concepts than blockbuster news. "Gates outlined three major themes for the second digital decade - high definition displays with 3D experiences and high quality video and audio, connected services and the power of natural interfaces. Gates had a vision early of those themes, but his quest to make the Tablet PC, Media Center PCs and natural interfaces, such as speech and touch, more mainstream has not been realized." A full description of the talk, including his Guitar Hero finale with Slash, is available in Engadget's liveblog of the event. -
A Bleak Future For Physical Media Purchases?
KevReedUK writes "The folks at ZDNet are eulogising over the upcoming death of physical media music sales. They refer to the noticeable drop in physical sales of albums whilst digital sales continue climbing (albeit at a reduced rate). Their central argument is that 'the music industry was pillaged by piracy and competition from other forms of entertainment such as video games ... [2007] marked the lowest tally and the steepest decline since Nielsen began publishing estimates based on point-of-sales data in 1993, a Nielsen representative said. The peak year in that time was 2000, when sales reached 785 million units.'" -
Robots To Control Oil Drilling Platforms
Roland Piquepaille writes "In 2015, and if everything goes well, oil drilling platforms located offshore Norway will be controlled by robots. Even today, these platforms don't use many people. But the idea behind the new platform concept is to install large modular process sections in unmanned areas to allow access by one or more robotic manipulators. In a few years, operators should be able to remain on land and to remotely control the oil drilling platforms. Obviously, this should reduce risks and costs. Tests have already started in a new laboratory in Trondheim. According to the plans, the researchers have 8 years in front of them to deliver the robotic tools able to control these very expensive platforms. But read more for additional references and pictures." -
No Right to Privacy When Your Computer Is Repaired
Billosaur writes "ZDNet's Police Blotter brings us the interesting story of a Pennsylvania man who brought his computer into Circuit City to have a DVD burner installed on his computer and wound up being arrested for having child pornography on his hard drive. Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner, then proceeded to call the police, who arrested Sodomsky and confiscated the computer. Sodomsky's lawyer argued in court that the Circuit City techs had no right to go rifling through the hard drive, and the trial court agreed, but prosecutors appealed and the appeals court overturned the lower court's decision, based on the fact that Sodomsky had consented to the installation of the DVD drive." -
First Look At Firefox 3.0 Beta 2
DaMan writes "ZDNet takes Firefox 3.0 beta 2 for a spin and draws some conclusions that should be sweet music to Mozilla's ears. 'Beta 2 feels snappier and far more responsive than beta 1 (or Firefox 2.0 for that matter) and I can feel the difference on all the systems that I've tried it on — from a lowly Sempron system to my quad-core monsters. No matter what you want doing — opening a new tab, moving tabs, opening up Find, zooming in and out of the page, bookmarking — it all happens swiftly and smoothly. What surprises me about the Firefox 3.0 beta is how many memory leaks that Mozilla have fixed. Complaints of memory leaks with Firefox 2.0 were met with an attitude of "Leaks? What leaks?" Considering that there have been more than 300 leaks plugged, it's obvious that past versions leaked like sieves.'" -
More Mac Vulnerabilities Than Windows In 2007?
eldavojohn writes "A ZDNet blog reports stats from Secunia showing OSX averaged 20.25 vulnerabilities per month while XP & Vista combined averaged 3.67/month. Is this report card's implication accurate, or is this a symptom of one company turning a blind eye while the other concentrates on timely bugfixes? 'While Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.'" -
What is Bill Gates Learning From Open Source?
christian.einfeldt writes "In the world of Free Open Source Software communities, Microsoft is often viewed as the very epitome of the Cathedral-style model of software production. But is Bill Gates learning from the software development phenomenon that he once compared loosely to communism? In commenting on the results of a Microsoft-commissioned survey of approximately 500 board-level executives about the importance of interpersonal skills versus raw IT coding skills, Gates starts to sound a bit more like a member of the Apache Foundation than the take-no-prisoners king of cut-throat competition: 'Software innovation, like almost every other kind of innovation, requires the ability to collaborate and share ideas with other people, and to sit down and talk with customers and get their feedback and understand their needs.'" -
Fighting Spam Through Regulation and Economics
Bryan29 writes "'Next door to our offices was a spam operation... One day they weren't there anymore'. Apparently in the past several months some black hat SEO companies (comment spammers) closed shop. Mr. Evron explores using a couple of case studies how spam was directly impacted by the UIGEA online Casinos law, disallowing payment processing, and how the subprime mortgage collapse made many former clients of spammers 'move on'. The article draws its conclusions from an economic standpoint 'Perhaps the next step policy makers should take is to work to change this economy, possibly by legalizing and regulating ... More to the point, they can make the act of processing funds for this type of operation illegal.'" -
The Cult of Kindle
DaMan writes "ZDNet's Hardware 2.0 blog is pondering the Kindle this week. There have been many attempts at an ebook reader in the past; why does Amazon think it can do any better? Given the high cost and DRM issues, will cachet be enough to win them financial success? Will the 'Cult of Kindle' help guarantee Amazon's success in the ebook reader market? 'A group of people willing to give it a five star rating just because someone else didn't, willing to back up every design, engineering and marketing decision that Amazon made, willing to defend the Kindle with their last dying breath. The Kindle doesn't cost money, it saves money. That 0.75 second flash as the pages turn isn't a downside because it gives you an opportunity to take in the previous page. It doesn't harm your eyes, in fact, it fixes them. Ergonomic issues that other reviewers have bought up are dismissed by the Cult of Kindle as flaws with the reviewer, not the device. The Kindle is perfect, and the Kindle 2.0 will be a little more perfect.'" -
$999 For a Complete DNA Scan, Worth it?
DoroSurfer writes "ZDNet is reporting that 23andme.com will open its doors on Monday, allowing you to send them a cheek swab and have your DNA analyzed for $999 (plus shipping, of course... ;)). So what's a thousand bucks buy you? They can tell you your ancient ancestry, they can tell you what diseases you're predisposed to, they give you a 'Gene Explorer' that allows you to do a search in your genome to find out if you have a certain gene (e.g., you just heard on the news that Gene XYZ has been linked to Alzheimer's Disease)." -
Coming Soon, Mobile Torrents
explosivejared writes "ZDNet is running an article on the mobile implementation of the BitTorrent protocol which says 'Mobile implementations of the BitTorrent protocol are nearly certain to be part of whatever Google Android comes up with, and if not someone will have one for the open platform straightaway. Already a Windows Torrent product is on Version 2.0, and given the video capability of the iPhone it's clear Apple is not going to let this opportunity pass by. A Symbian Torrent program is on Version 1.3.'" -
Wearing a Computer at Work
Roland Piquepaille writes "The European Union has funded an ambitious project related to wearable technology. The project, named WearIT@work, will end in one year and invested funds are expected to exceed 23 million euros. The goal is to replace traditional interfaces, such as screen, keyboard or computer unit, by speech control or gesture control without modifying the applications. This wearable system is currently being tested in four different fields including aircraft maintenance, emergency response, car production and healthcare." -
What to Protect in Open Source Software
eldavojohn writes "I found a brief blog by Marc Fleury on something that seems to almost be an oxymoron — what you need to legally protect in Open Source Software. The short of it is that you should trademark your name and brand it. Which might explain Xen's stance on the use of the brand 'Xen'. Another short blog notes that you should also maintain control of your distribution channels. Fleury also states this interesting tidbit on protecting intellectual property in OSS, 'Short of filing patents, there isn't much you can do in OSS. Let's face it the IP is there for everyone to see. If you are in a mode where a lot of the value is the code itself then open sourcing under GPL or equivalent reciprocal license may be a good choice for you. At least you will make sure that ISV's that re-use your license get in contact with you and many of them will pursue dual-licensing, a strategy that is known to work to monetize an OSS user base (mySQL).' Is there anything else you should take measures to protect in open source software? Is it possible to maintain control of a project under the GPL or are you constantly faced with forks?" -
Comparing Memory Usage of Firefox 2 vs 3
DaMan writes "ZDNet picks up on yesterday's Firefox 3 beta 1 review by comparing the memory usage of Firefox 2 against the latest beta. The results from one of the tests are quite interesting, after loading 12 pages and waiting 5 minutes, 2 used 103,180KB and 3 used 62,312KB. IE used 89,756KB." -
Dan Geer On Trusting PCs In Botnets
walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'" -
Firefox 3 Beta 1 Review
DaMan writes "The newly-released Firefox 3 beta 1 has been reviewed by ZDnet and the verdict is that it is good. 'Is Firefox 3.0 going to be better? Given what I'm seeing so far, I think so. Why? Because it looks like Mozilla have gone back to basics and worked on what really matters to users — security, speed and ease of use ... Everything about Firefox 3.0 beta 1 is fast. The download package is small which means that it comes in fast, the installation is fast, the browser fires up fast, pages and tabs open fast, the browser shuts down fast, and the uninstall process is fast and painless.'" -
Apple Fixes 'Misleading' Leopard Firewall Settings
4 for 52 writes "ZDNet is reporting that Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard. The acknowledgment comes less than a month after independent researchers threw cold water on Apple's claim that Leopard's firewall can block all incoming connections. The firewall patches come 24 hours after a Mac OS X update that provided cover for at least 41 security vulnerabilities." -
AntiPiracy Macrovision Bug is Actually Six Years Old
twitter writes "A recently reported Macrovision bug has actually been around for six years, according to Computerworld. 'Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision Corp. said today. The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista ... users do not have to play a SafeDisc-protected game to be vulnerable.' The article goes on to play down danger and claim that Vista is safe, but ZDNet notes: 'Malware authors are actively exploiting a zero-day privilege escalation vulnerability ... [which] can be exploited to overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges. This facilitates the complete compromise of affected computers.'" -
Recreating Cities Using Online Photos
Roland Piquepaille writes "The billions of images available from a site like Flickr have stimulated the imagination of many researchers. After designing tools using Flickr to edit your photos, another team at the University of Washington (UW) is using our vacation photos to create 3D models of world landmarks. But recreating original scenes is challenging because all the photos we put on Flickr and similar sites don't exhibit the same quality. With such a large number of pictures available, the researchers have been able to reconstruct with great accuracy virtual 3D models of landmarks, including Notre Dame Cathedral in Paris and the Statue of Liberty in New York City." -
Fake Codec is Mac OS X Trojan
Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine." -
RealPlayer Zero-Day Flaw Under Attack
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browses to a maliciously rigged Web page." -
Apple Adds Memory Randomization To Leopard
.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls." -
Vista Runs Out of Memory While Copying Files
ta bu shi da yu writes "It appears that, incredibly, Vista can run out of memory while copying files. ZDNet is reporting that not only does it run out of memory after copying 16,400+ files, but that 'often there is little indication that file copy operations haven't completed correctly.' Apparently a fix was scheduled for SP1 but didn't make it; there is a hotfix that you must request." -
Storm Worm Botnet Partitions May Be Up For Sale
Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities." -
What's Really Broken with Windows Update - Trust
Be Cool writes "According to ZDNet, Microsoft has steered itself into a real trust tarpit with Windows Update: 'See, here's the problem. To feel comfortable with having an open channel that allows your OS to be updated at the whim of a third party (even/especially* Microsoft ... * delete as applicable) requires that the user trusts the third party not to screw around with the system in question. This means no fiddling on the sly, being clear about what the updates do and trying not to release updates that hose systems. While any and all updates have the potential to hose a system, there's no excuse for hiding the true nature of updates and absolutely no excuse for pushing sneaky updates down the tubes. Over the months vigilant Windows users have caught Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'" -
Microsoft Flip-Flops On URI Protocol Handling Flaw
a-twitter writes "After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue." -
Adobe Confirms Unpatched PDF Backdoor
50Mat writes "Adobe has fessed up to a dangerous code execution vulnerability affecting software programs installed on millions of Windows machines. The flaw, publicly disclosed more than three weeks ago, could allow hackers to use rigged PDF files to take control of Windows XP computers with Internet Explorer 7 installed. It affects Adobe Reader, Adobe Acrobat Standard, Professional and Elements and Adobe Acrobat 3D." -
Super-Light Plastic As Strong as Steel
Roland Piquepaille writes "A new composite plastic built layer by layer has been created by engineers at the University of Michigan. This plastic is as strong as steel. It has been built the same way as mother-of-pearl, and shows similar strength. Interestingly, this 300-layer plastic has been built with 'strong' nanosheets of clay and a 'fragile' polymer called polyvinyl alcohol (PVA), commonly used in paints and glue, which acts as 'Velcro' to envelop the nanoparticles. This new plastic could soon be used to design light but strong armors for soldiers or police officers. The researchers also think this material could be used in biomedical sensors and unmanned aircraft." -
Despite AOL's Claim, AIM Worm Hole Still Wide Open
Clown of the month writes "There's a nasty worm hole in America Online's standalone AIM (instant messaging) software that won't be patched until the middle of October. This vulnerability, first reported to AOL by researchers at Core Security more than a month ago, is caused by the way AIM supports the rendering of HTML content via an embedded Internet Explorer server control. AOL coordinated with Core on the release of an advisory, on the understanding that the flaw was patched in the latest beta version. As security researcher Aviv Raff discovered, the underlying vulnerability was never fixed. In the demonstration, Raff simply sent an IM to trigger the launch of the calculator application. The attack scenario works without the target clicking on a link and only requires that the AIM user is logged on and accepting incoming messages." -
Microsoft 'Stealth Update' Proving Problematic
DaMan writes "According to the site WindowsSecrets, the stealth Update that Microsoft released back in August isn't quite as harmless as the company claims. The site's research has shown that when users try to do a repair to XP subsequent to the update, bad things happen. 'After using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren't registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest patches from installing -- even if the patches successfully downloaded to the PC.' ZDNet's Hardware 2.0 has independently confirmed that this update adversely affects repaired XP installations: 'This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly. Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting.'" -
New Version of Gmail Being Tested
Keith writes "Gmail was launched on April 1, 2004, and has revolutionized the way many of us use email. The interface has remained largely untouched since it launched, but get ready, it's soon to undergo a change in what they describe as a 'New Version'. Only a select few people have access to use the new interface — mainly employees and trusted people outside the company called 'Trusted Testers'. From the ZDNet blog entry: 'Google lets every-day users who are fluent in both English and another language translate small snippets of English text into the language of their choice. This is how they can offer services in several languages without spending a dime on professional translators. Unfortunately, exposing sensitive information in this manner makes it hard to keep a secret. One of my readers, who wishes to remain anonymous, stumbled across an interesting snippet of text (which I confirmed exists) spilling the beans on a new version of Gmail that is either currently being tested, or about to be released to testing in short order.'" -
Blogger Objects To Accusations Surrounding Vista DRM
Technical Writing Geek writes "Self-described 'professional paranoid' Peter Gutmann of the University of Auckland has become the most widely quoted source of information on DRM and content protection in Windows Vista. The trouble is, according to ZDNet Blogger Ed Bott, Gutmann's work is riddled with factual errors, distortions, contradictions, and outright untruths. From the lengthy piece: 'As Gutmann would know if he actually understood how HD hardware works, Vista will indeed display HD content on this monitor over the D-Sub and component video outputs, which are capable of outputting 1080p and 1080i signals, respectively. In the future, a content provider might choose to constrict the output to these devices, but that decision would apply only to a specific piece of media, and it would have to be disclosed on the package, giving the buyer the opportunity to choose not to purchase it.'"