Slashdot Mirror

Roberto Andressi writes "A few former Microsoft employees have launched a Web site that evaluates open-source projects. The site is intended as a way for first-time OSS users to 'get their feet wet' before diving into the large community of open source projects out there. The site, Ohloh, will provide background information on a prospective project. The folks behind the site even plan to include a lexicon of terms for very new users. " From the article: "'We collect from the infrastructure the open-source community uses to develop the software,' Ohloh co-founder and CEO Scott Collison told CNET News.com. 'It also serves as an open-source directory. You can find open-source projects and compare them, and gradually find one that's right for you.' The site could appeal to developers who are frustrated by the number of open-source projects that lack clear explanations. Ohloh also seeks to help developers make a build vs. buy decision by offering code analysis, said Collison, who along with co-founder Jason Allen, previously worked at Microsoft."

Mark Owen writes "With technology buzzwords becoming so commonly used in daily life, Webster and Oxford have both begun to include some new terms in their latest editions. Some of their newest additions include: adware, biodiesel, codec, digicam, google (as a verb), geocaching, hacktivism, mash-up, rewriteable, ringtone, spyware, and texting."

Darren Rayes writes to mention a ZDNet article on Cambridge academics' claims that they have breached the great firewall of China. They also claim that by misusing the firewall they can launch DDoS attacks against IP addresses behind the wall. From the article: "The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a 'sensitive' keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time."

Ian Price writes "Red Hat is shrugging off Microsoft's entry into the cluster computing space after Microsoft announced that it has completed the code for its Windows Compute Cluster Server 2003 targeting high-performance computing. From the article: 'Scott Crenshaw, general manager of enterprise Linux platform at Red Hat, dismissed Microsoft's entry into cluster computing. "They're playing catch-up," he said. "Linux is often associated with high-performance computing, but Windows has never achieved that on a large scale."' Crenshaw also commented with respect to Ubuntu: 'Their user base is still small, so we're not seeing the impact of it [Ubuntu] so far.'"

Jasen Bell writes to mention a ZDNet article about a clever new worm affecting users of Yahoo!'s email service. The virus uses a flaw in JavaScript to infect a computer when an email is opened from the user's web-based mail. From the article: "The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said. Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.' The security vendor uses a 1-to-5 rating system, with '5' as its most severe category."

Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "

Vin Daryl writes "ZDNet reports on Microsoft's love-hate relationship with open-source software." From the article: "The interoperability lab focuses on getting products from open-source ISVs such as JBoss, to work on the Microsoft platform, he said. 'For example, we often collaborate with JBoss, but in certain areas we might compete with them. It's competition and cooperation,' Hilf explained. 'Over time, as you see the open-source marketplace maturing and becoming more commercial, I think you'll see more of that kind of dynamics. It's not something that's unique to Microsoft,' he said, adding that IBM and Oracle also compete, and at the same time, cooperate with open-source vendors. "

Julios Lanza writes "Alienware has chosen chipsets made by Airgo Networks to power two game-focused laptops. Alienware's 17-inch Aurora m9700 and 19-inch Aurora mALX notebooks are equipped with the Airgo's Gen3 True MIMO (multiple input, multiple output). Airgo's chips are designed to connect a computer with Wi-Fi systems at speeds fast enough to make high-performance gaming possible, Airgo executives said."

Nick Johnson writes to mention a new twist on phishing. From the article: "The spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it. The caller is connected to a voice response system that is made to sound exactly like the bank's own system. The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN."

Erikson Wright writes to mention a ZDNet article, covering a call by open-source vendors to banking institutions. The groups are asking powerful financial firms to contribute more code to the open source community. From the article: "Concerns over competitive advantage mean that it can be difficult to persuade companies to share code with the open-source community, as it can then be easily accessed by competitors. But for technologies that have little impact on competitive advantage, financial companies could probably be encouraged to contribute code, the conference panel agreed ... 'If you're using open-source technology on Wall Street, unless you're completely reliant on a vendor to provide a certified version, you will probably invest extra time to fix it,' he said. 'What will you do with your fix? You can keep it to yourself, but if you move it upstream by passing it on to the vendor or submitting it as a patch, you know it will be available in the next version of the product. That's what drives most open- source development--collective self-interest.'"

Frank Clarkson writes to mention a ZDNet article about the upcoming release of 'Dapper Drake', Ubuntu Linux. They also give a mini-preview of Eft. From the article: "'I'm promising to impose (almost ;-) ) zero from-the-top requirements for Edgy, this release is entirely up the to development team to envision and implement,' he wrote. 'Almost everything that lands in Edgy will be driven from the development team, who get to play with whatever new technologies they fancy along the way. So that should give us a nice big bump in infrastructure and bling.'"

Zack Wells writes "Should online journalists receive the same rights as traditional reporters? Apple claims they should not. Its lawyers say in court documents that Web scribes are not 'legitimate members of the press' when they reveal details about forthcoming products that the company would prefer to keep confidential. That argument has drawn stiff opposition from bloggers and traditional journalists. This is related to a case of an Apple news site, PowerPage.org, who leaked information about a FireWire audio interface for GarageBand that has been codenamed 'Asteroid.' The subpoena is on hold during the appeal. In the lawsuit, filed in late 2004, Apple is not suing the Mac news sites directly, but instead has focused on still-unnamed 'John Doe' defendants. The subpoena has been sent to Nfox.com, PowerPage's e-mail provider, which says it will comply if legally permitted."

DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."

Richard Gray writes "Should Linux accept proprietary video/graphics drivers from likes of Nvidia and ATI ? The GPL written by FSF says that the license prohibits proprietary drivers. From the article: 'To write open-source graphics drivers without help from Nvidia or ATI is tough. Efforts to reverse-engineer open-source equivalents often are months behind and produce only 'rudimentary' drivers, said Michael Larabel, founder of a high-end Linux hardware site Phoronix ... Torvalds has argued that some proprietary modules should be permissible because they're not derived from the Linux kernel, but were originally designed to work with other operating systems.' The FSF however, sharply disagrees. 'If the kernel were pure GPL in its license terms...you couldn't link proprietary video drivers into it, whether dynamically or statically.' Where do you fall on this issue?"

Trax88 writes "Open Source Development Labs is previewing work that will attempt to make life easier for software companies by bridging GNOME and KDE. The effort, called Portland Project, began showing its first software tools on in conjunction with this week's LinuxWorld Conference & Expo. Using them, a software company can write a single software package that works using either of the prevailing graphical interfaces. Working with Freedesktop.org on unifying interface issues, they plan to release a beta version of the software in May and version 1.0 in June. Ultimately, advocates hope that it will be part of a larger but separate effort called Linux Standard Base, which is designed to make the operating system easier for software companies to use."

An anonymous reader writes "The U.S. House of Representatives will soon be considering the Data Accountability and Trust Act (DATA). If passed it would require all companies to inform customers of security breaches that affect their personal data. The bill requires consumers to be told if their privacy has been violated because of a breach. Under the proposals, if a breach does occur, a company must notify any customers concerned and the FTC, which can then demand an audit."

Jim writes "Microsoft has joined a committee that has a key role in the ratification of OpenDocument as an international standard, leading to accusations that it intends to sabotage the process. Microsoft has denied this accusation, claiming that the only reason why Microsoft employee Jim Thatcher has joined the group was to get involved in the ISO standardisation of its own file format." From the article: "'There sits Microsoft, waiting, like a spider,' wrote Jones, in a posting on her site. 'I am imagining ODF plodding along, with Microsoft asking questions, fine-combing through the comments, did you mean this or that?, getting bogged down in minutia until, lo and behold, either Microsoft's XML makes it as an ISO standard first, or they arrive neck and neck.'" More information here on a subject we touched on in a recent Slashback. update a few readers have asked for the clarification that MSFT has not joined ODF, but rather the "INCITS/V1 Technical Committee"

Ian wrote to mention a ZDNet article about several patents on wireless technology held by Google employees. From the article: "The patent applications, filed by Google employees Wesley Chan, Shioupyn Shen and former Google product management director Georges Harik, propose lowering the cost of wireless access by offsetting the costs via advertisements on the service. Google, which receives the bulk of its revenue from advertisers, is seeking to expand its potential advertising base by moving further into the wireless market."

Mitchell Bronze writes "Mozilla's Mike Shaver said in an interview that the upcoming Firefox 2 will have anti-phishing capability using technology that might come from Google." From the article: "With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year. 'It is another example of the energy that has returned to the browser market,' Shaver said."

Kevin Young wrote to mention a ZDNet article which goes into some detail on new results from a Department of Homeland security initiative. It's called the 'Open Source Hardening Project', and (funded to the tune of $1.24 Million) the goals of the initiative are to use a commercial tool for source code analysis to buck up the security base of many OSS projects. LAMP (the conglomeration of Linux, Apache, MySQL, and PHP/Perl/Python) was a 'winner' in the eyes of the project. From the article: "In the analysis, more than 17.5 million lines of code from 32 open-source projects were scanned. On average, 0.434 bugs per 1,000 lines of code were found, Coverity said. The LAMP stack, however, 'showed significantly better software quality," with an average of 0.29 defects per 1,000 lines of code, the technology company said.'"

Joey Benington writes "Oracle plans to cut 2,000 jobs across the Siebel and Oracle work forces after completing its merger with Siebel last week. 'We will retain 90 percent of Siebel's support, development engineers, sales and sales consultants,' said Oracle CEO Larry Ellison. 'Most of the Siebel cuts will be in the back office, and nontechnical staff. The majority of the cuts will be Oracle people, not Siebel.'"

Andy Philips writes "A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software. "After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download, Almost immediately, Winamp starts to execute the play list and remote code execution begins." Sunbelt's Adam Thomas wrote in a posting. The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected."

Hans W. Smith writes "Microsoft has unveiled Internet Explorer 7, releasing the new "preview" version of its Web browser to the general public for testing. The latest version works only with Windows XP Service Pack 2 and includes many of the features Microsoft has been touting for months such as: privacy protection,tabbed browsing and a search box similar to Firefox. They tried to outdo Firefox tab browsing with a feature call Quick tab which shows thumbnail view of all open tabs in a single window." Yup, you saw it yesterday. Posting before coffee never works.

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including Stallman's comments on GPLv3, Firefly fans clinging to hope, sentence handed down in student felony webpage refresh case, GP2X GPL issues resolved, Korean cloning scientist may get to keep his patents, Apple changes their tune for iTunes ministore, and much more -- Read on for details.

Richard Stallman speaks on GPLv3 and patents. Elton J. Won writes "A public forum on the updated GPL was held at the Massachusetts Institute of Technology. Although Stallman solicited comments from forum attendees. he made clear that the GPL version 3 will not alter the license's basic stance on software patents. From the article: 'the GPL version 3 is explicitly meant to discourage litigation based on software patents. "This is not a placeholder. This is the text we currently plan to go with unless we're surprised by seeing a better idea," Stallman said.'" Relatedly RMS also recently expounded on some of these thoughts in an interview with PCPro.

Firefly fans refuse to go quietly into the night. CMGaretJax writes "The Browncoats, a fan group based around the hit cult TV show Firefly, and the more recent movie, Serenity, have set up a website for donations from people who want to see another season of Firefly. So far they have raised $840 dollars against an estimated cost of 1 million per episode. An admirable attempt, and one that will hopefully pick up steam, the show really is too pretty to die."

Student receives sentence for felony web-page charge. EMB Numbers writes to tell us that Michael Stone, the student who was recently charged with a felony for encouraging others to bog down a school server with web page refreshes, has cut a deal with the prosecutor for a lesser misdemeanor offense -- criminal mischief. Stone was given a suspended sentence of 60 days in jail along with 20 hours of community service. Although he declined to comment on camera Stone's mother stated that she appreciate all the support he received from the online community.

GP2X GPL issues resolved. gizmateer writes to tell us that after quite a bit of noise from the online community it appears that Gamepark has bowed to the pressure and will be releasing the source for the most recent version of the GP2X firmware. From the article: "Please stop posting to this board about GPL. Dignsys will post up the sources to the new firmware version 1.3.0 next week on http://source.gp2x.de. They intend to release it once the binaries to said firmware have been released."

Korean cloning scientist may get to keep his patents. Billosaur writes "According to an article on the New Scientist web site, disgraced Korean cloning researcher Hwang Woo-Suk may get to keep his patents for the process of creating embryonic stem cells via cloning human embryos. Already the UK patent office is looking into the validity of the patents in Europe. From the article: 'As long as an invention is not clearly contrary to scientific laws - like time travel - research has no bearing on the grant of a patent.'"

Apple changes their tune for iTunes mini store. jjbelsky writes "Apple has modified the iTunes MiniStore in response to the anger caused by its release of personal information. All users of iTunes, whether or not the music store is enabled, are now presented with a page informing them that when a song is selected 'information about that item is sent to Apple.' Users who do not click on the 'Turn on MiniStore' button will not have their privacy invaded."

Targets of RIAA lawsuit turn on i2hub operator. Doros writes "After being forced to fork over thousands of dollars to the RIAA, students want i2hub operator Wayne Chang to cover their losses. From the article: 'At least 42 students have been named as defendants in John Doe lawsuits filed by the recording industry. The industry trade group has offered to settle each case for $3,750, lawyers for the students said Tuesday. "Had the students known that they were exposing themselves to copyright infringement liability by using the i2hub service, they likely would not have used the service," the legal group wrote.'"

Adults exempt from Chinese online limits. Dotnaught writes "The Chinese government has yielded to pressure from adult online gamers and exempted them from its online gaming addiction policy. The rules, which went into effect last October, require that after five hours of consecutive play, players cease earning any virtual rewards such as experience points or beneficial items. To avail themselves of the exemption, some 26 million gamers will have to register their real names and identity card numbers with the authorities. The system hasn't proven particularly effective -- minors reportedly skirt the limits by logging onto different accounts or switching to another game after reaching the time limit."

Bill Thompson follows up Mac security remarks. Bralkein writes to tell us that in response to the overwhelming amount of feedback Bill Thompson received on his recent Mac security article, he has penned a response to his critics. In his reply, he admits that there were a few flaws in his article, and he acknowledges the high level of security provided by OS X's UNIX foundations. However, he stands by his assertion that the Mac cannot boast complete immunity to all security problems. As a Mac user himself, he still believes that the Mac community needs to remember that security is still an issue for them, too.

wooppp writes "Microsoft has admitted to removing the blog of a Chinese journalist from MSN Spaces. The censored site has been re-hosted elsewhere after a short down-time, but is no longer accessible to the folks in China." From the ZDNet article: "MSN is committed to ensuring that products and services comply with global and local laws, norms and industry practices. Most countries have laws and practices that require companies providing online services to make the Internet safe for local users. Occasionally, as in China, local laws and practices require consideration of unique elements..."

Augustine J writes "A new alternative to Wikipedia called Digital Universe is the brainchild of, USWeb founder Joe Firmage and Larry Sanger, one of Wikipedia's earliest creators. This new site differs from Wikipedia by inviting acknowledged experts in a range of subjects to review material contributed by the general public. "The vision of the Digital Universe is to essentially provide an ad-free alternative to the likes of AOL and Yahoo on the Internet," said Firmage. "Instead of building it through Web robots, we're building it through a web of experts at hundreds of institutions throughout the world.""

George Meyson writes "Google has launched a new service known as Google Music that will allow a person to search fast links to song lyrics, musical artists and CD titles on the main search results page. The user can type in the name of a band, artist, album or song in the main Google search bar special, and results will appear at the top, accompanied by icons of music notes. Items that can be purchased will have links to merchants for online ordering or downloading. Initial merchant partners include Apple Computer's iTunes service, RealNetworks Rhapsody, eMusic and Amazon.com." From the Google Blog: "A few of us decided to try to make the information you get for these searches even better, so we created a music search feature. Now you can search for a popular artist name, like the Beatles or the Pixies, and often Google will show some information about that artist, like cover art, reviews, and links to stores where you can download the track or buy a CD via a link at the top of your web search results page."

Ivan Mark writes "Christopher Beard, the VP of products at Mozilla Corporation, told ZDNet UK on Monday that there is a 'strong likelihood' that Firefox 1.5, the next major version of the open source browser, will be released on 29 November. Beard said they are planning a 'big marketing push.' 'You will have real people telling you about Firefox's features-- what's cool and great,' said Beard. 'People can create the video and upload it to the Mozilla site. The video will then be reviewed and put on our Web site, with a link from their location.'"

blacksilver writes "The chief executive of the Open Source Development Labs (ODSL) has said that the threat facing Linux from software patent-infringement claims has receded. From the article: 'Lots of people who hold a lot of patents have looked at this issue, and nothing's come of it ... There's always been a suspicion that some of them [the alleged infringing patents] were held by Microsoft, so this could be an issue ... our customer advisor people speak to people, including major customers who run both Windows and Linux, and they say it's not an issue,'"

Kelvin Ekston writes " Red Hat is listed among ZDNet Asia's 50 Top Tech companies 2006. It is also one of the fastest growing companies with 210.4% year on year income growth over 4 years. While almost all Linux companies grapple with the perennial question of how they can make money through software subscriptions and services rather than selling packaged boxes, Red Hat finally managed to improve credibly and match the hype with substance and show the way to do business with Linux. That's the way to go!"

Kelvin Ekston writes " Red Hat is listed among ZDNet Asia's 50 Top Tech companies 2006. It is also one of the fastest growing companies with 210.4% year on year income growth over 4 years. While almost all Linux companies grapple with the perennial question of how they can make money through software subscriptions and services rather than selling packaged boxes, Red Hat finally managed to improve credibly and match the hype with substance and show the way to do business with Linux. That's the way to go!"

Kelvin Ekston writes " Red Hat is listed among ZDNet Asia's 50 Top Tech companies 2006. It is also one of the fastest growing companies with 210.4% year on year income growth over 4 years. While almost all Linux companies grapple with the perennial question of how they can make money through software subscriptions and services rather than selling packaged boxes, Red Hat finally managed to improve credibly and match the hype with substance and show the way to do business with Linux. That's the way to go!"

Annto Dev writes "Computer security expert, Bruce Schneier feels that vendors are to blame for 'lousy software'. From the article: 'They try to balance the costs of more-secure software--extra developers, fewer features, longer time to market--against the costs of insecure software: expense to patch, occasional bad press, potential loss of sales. The end result is that insecure software is common...' he said. Last week Howard Schmidt, the former White House cybersecurity adviser, argued at a seminar in London that programmers should be held responsible for flaws in code they write."

Sean Feryl writes "Adobe Systems, IBM, Intel, Hewlett-Packard, Novell, RealNetworks and Red Hat are all backing the new Linux standards effort led by the Free Standards Group to form standards for key components of Linux desktop software, including libraries, application runtime and install time. The goal is to encourage the development of more applications for the Linux platform. 'With this complex and costly development and support environment, independent software vendors may choose not to target the Linux desktop, leading to reduced choice for end users and an inability to compete with proprietary operating systems', the group said." Also covered on FoxNews.

Martin Boleman writes "ZDNet reports that Sen. Norm Coleman, a Republican from Minnesota, said his nonbinding resolution would protect the Internet from a takeover by the United Nations that's scheduled to be discussed at a summit in Tunisia next month. "The Internet is likely to face a grave threat, If we fail to respond appropriately, we risk the freedom and enterprise fostered by this informational marvel and end up sacrificing access to information, privacy and protection of intellectual property we have all depended on." he said in a statement."

Bays Fil wrote to mention a ZDNet piece discussing the U.S. Patent Office's rejection of two Microsoft patents on the FAT file system. "There has been concern that if the FAT patents are upheld, Microsoft may claim that Linux infringes on Microsoft technology and will seek a royalty. Any monetary compensation could threaten the operating system, which under General Public License (GPL) terms may not be distributed if it contains patented technology that requires royalty payments." Relatedly, Dayrl writes "Microsoft reiterates its firm decision not to offer its Office Suite on Linux anytime soon. From the article: 'Microsoft is 100 percent focused on Windows: We have invested billions of dollars in it. We have created Office for the Mac but--and I thought I had been clear on this already when I said 'No'--we have no plans at this time to build Office on Linux,' Nick McGrath, Microsoft's head of platform strategy said.'

Bays Fil wrote to mention a ZDNet piece discussing the U.S. Patent Office's rejection of two Microsoft patents on the FAT file system. "There has been concern that if the FAT patents are upheld, Microsoft may claim that Linux infringes on Microsoft technology and will seek a royalty. Any monetary compensation could threaten the operating system, which under General Public License (GPL) terms may not be distributed if it contains patented technology that requires royalty payments." Relatedly, Dayrl writes "Microsoft reiterates its firm decision not to offer its Office Suite on Linux anytime soon. From the article: 'Microsoft is 100 percent focused on Windows: We have invested billions of dollars in it. We have created Office for the Mac but--and I thought I had been clear on this already when I said 'No'--we have no plans at this time to build Office on Linux,' Nick McGrath, Microsoft's head of platform strategy said.'

Sans writes "Dell began offering a new desktop Dimension E510n PC this week with no operating system installed. The machine is designed for people who want to run open-source software such as Linux instead of Windows. The PC comes with a blank hard drive and a copy of the FreeDOS operating system, which can be installed by customers."

Open Source movements have been gaining popularity everywhere, but not everyone is happy about that. Johans wrote to mention a ZDNet Asia story discussing a controversy within the Malaysian computer industry over the government's 'Public Sector Open Source Software Masterplan. From the article: " ... the government has stated that its first choice in IT procurement are infocomm technology solutions developed on the open-source platform. It states that 'in situations where advantages and disadvantages of open-source software (OSS) and proprietary software are equal, preference shall be given to OSS' ... However, some industry consortiums have stepped out to voice their concerns over this policy." Meanwhile, Anonymous Coward wrote to mention a Fox News article entitled 'Massachusetts Should Close Down OpenDocument', calling the attention of journalists to the 'huge mistake' that Massachusetts is making by switching to OpenDocument. From that article: "Officials in the state have proposed a new policy that mandates that every state technology system use only applications designed around OpenDocument file formats. Such a policy might seem like something that should concern only a small group of technology professionals, but in fact the implications are staggering and far-reaching. The policy promises to burden taxpayers with new costs and to disrupt how state agencies interact with citizens, businesses and organizations."

Sam Wil writes "Apple has acknowledged a flaw in the iPod nano screen that results in cracking, and attributes it to poor vendor quality. The defect affects less than one-tenth of 1 percent of all the nanos that have shipped so far. Apple will replace the screen of affected units for free." From the article: "However, the representative said that the screen-cracking issue is separate from reports that the slim new music player is more easily scratched than prior models. Complaints about both issues surfaced shortly after Apple introduced the flash memory-based Nano earlier this month. 'A few vocal customers are saying their Nano is more susceptible to scratching than prior iPods,' the Apple representative said. Apple said the Nano is made of the same polycarbonate plastic as the fourth-generation iPod and said it does not believe the scratching problem is widespread." You may recall we had a lively discussion about the screen-scratch flaw a short while back.

Neil writes "The Mozilla Foundation has published an initial roadmap for 'Lightning', the project to integrate its calendar application Sunbird with its email application Thunderbird."

Celpha writes "According to security firm F-Secure, a Trojan virus (Cardtrap.A) attacks Symbian mobile phone operating systems, attempting to infect users' PCs if they insert the phone's memory card into their computers. From the article: 'We expect to see more of this on the mobile front,' an F-Secure chief research officer said. Trend Micro issued a media alert stating it is a 'fully functioning' mobile threat. However, Antivirus firm Sophos slams the claim of this first example of a serious mobile malware threat as just plain bonkers."

Celpha writes "According to security firm F-Secure, a Trojan virus (Cardtrap.A) attacks Symbian mobile phone operating systems, attempting to infect users' PCs if they insert the phone's memory card into their computers. From the article: 'We expect to see more of this on the mobile front,' an F-Secure chief research officer said. Trend Micro issued a media alert stating it is a 'fully functioning' mobile threat. However, Antivirus firm Sophos slams the claim of this first example of a serious mobile malware threat as just plain bonkers."

wellington wrote to mention a ZDNet blurb about a Gartner group study. Gartner indicates that 'mainstream' use of open source in IT environments may be 5 years away. From the article: "Gartner's latest Linux 'hype cycle' report shows that open source is halfway to maturity but warns the biggest test will be whether it can demonstrate the necessary performance and security to function as a data centre server for mission-critical applications. Leading-edge businesses are generally still in the early stages of Linux deployments but Gartner expects increased commercialisation and improved storage and systems management for the operating system by the end of 2005, with Linux being used primarily for WebSphere and infrastructure applications on mainframes and web services on blades and racks."

Silverdot writes "In an article on ZDNet, the author brought up a few cases of uneasy relationships between security researchers and software firms. While those who report the bugs should first seek to notify and work with the software firm to resolve the flaw, One researcher commented: "All researchers should follow responsible disclosure guidelines, but if a vendor like Microsoft takes six months to a year to fix a flaw, a researcher has every right to release the details." Should the onus be on the software firm to manage each issue and the relationship well, or does it fall to the morally responsible user?"

San writes "ZDNet is reporting that MSN has launched its first paid-search advertising application. The system will first be launched in Singapore and will be followed by France in September and a pilot run in the United States in October."

Jac writes "An interview with ZDNet reveals the low opinion Stuart Cohen, chief of Open Source Development Labs(OSDL), has of a recent Microsoft proposal to conduct a joint study on on deploying Microsoft Vs Linux. From the article: 'As far as working with Microsoft on a study, Microsoft could probably find one negative line on Linux in a 100-page research report that it would spend $10 million marketing while ignoring the other 99 pages...' An interesting follow-up to a recent Slashdot article.

Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"

TPIRman writes "At Gartner's recent IT Security Summit, the research company's analysts identified five over-hyped security concerns. Among the supposed FUD are mobile malware, unsafe VoIP, and cracker-friendly wireless hotspots. Gartner, which has made a name for itself tracking hype, claims that irrational anxiety is holding back technologies that offer benefits greater than their security risks. A Techworld columnist argues, though, that Gartner is sending mixed messages."

fintler was the first of many to tell us about the ZDNetAsia and Philippine newspaper stories that proclaim that RSA encryption has been "cracked." This might make an entertaining movie plot but it isn't true. I bet cryptographers get hot tips like this from well-meaning amateurs all the time, but most of them don't get this much press. Here's a cleaned-up edit of what's been bouncing around your inboxes all day (read parts [F] and [I]), and for a briefer commentary by the "R" in RSA, read on.

Hi Jamie --

Thanks for checking with me.

A fellow by the name of Leo de Velez from the Phillipines had thought he had broken RSA, and a reporter colleague wrote up this story and published it. This is probably what you have heard about.

Mr. Velez also wrote to me with his ideas. Unfortunately for him, his approach is actually much *slower* than the naive approach to factoring by trial division by 2, 3, 4, .... His approach doesn't improve on any known techniques, and doesn't constitute a "break" of RSA at all.

If you write to Mr. Velez (leo at teammail dot com) he will confirm...

Thanks again for checking...

Feel free to quote me...

Cheers,
Ron Rivest