Stories · 3,636
-
What Would You Demand From Your IT Department?
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backup systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
-
Second Coming of the DS Lite
DS News writes "Gamespot has posted news that the release of the Enamel Navy and Ice Blue has been just as much a sell-out success as the White DS Lite event a week ago. From the article: 'Following last week's launch of the Crystal White DS Lite, Nintendo Co, Ltd. shipped its Ice Blue and Enamel Navy models today in Japan. Considering that the handheld has already made one debut, the industry wasn't expecting the same high turnout for these new models. But contrary to conventional wisdom, the machine's second launch drew even more demand than the first.'" As with the White launch, Kotaku has a man on the ground with impressions from the Japanese launch day.
-
Nanotube Paint Blocks Cell Phones on Demand
Kozar_The_Malignant writes "Newsday is reporting on a new nanotube paint that is able to block cell phone signals on demand. The nanotubes are filled with copper, suspended in paint, and can be applied to the walls and ceiling of places such as concert halls, churches, and classrooms."
-
Justice Dept. Rejects Google's Privacy Concerns
Philip K Dickhead writes "The Associated Press is reporting that the Justice Department rejected Google's concerns over a Bush administration demand to examine millions of its users' Internet search requests on privacy grounds. The department claims this will help revive an online child protection law that the Supreme Court has blocked, by proving that Internet filters are not strong enough to prevent children from viewing pornography online. A federal court hearing is scheduled in San Jose, California, March 13th."
-
Invasion of the Body Snatchers
theodp writes "Newsweek reports that a grim trade in stolen human tissue isn't just the stuff of Robin Cook novels. Demand for the tissue, which is used in such procedures as joint and heart-valve replacements, back surgery, dental implants and skin grafts, has driven the price for a single harvested body up to $7,000. Many unsuspecting recipients are now rushing to doctors to be tested for tainted tissue."
-
U.S. IT Hiring Increases Despite Outsourcing
surefooted1 writes "A CNN article reports that a new study has shown that U.S. tech hiring has increased, despite overseas outsourcing. It mentions that the job market is higher today than it was at the height of the dot-com boom." From the article: "The study suggests that there are several factors in the continued growth in demand for IT workers here. The report said part of it is due to the use of offshoring by U.S. companies, including start-up firms, to limit their costs and thus grow their businesses. That, in turn, creates more opportunities here even as an increasing amount of work is done overseas. The study also said that companies from a variety of sectors in the economy continue to discover greater efficiency and more competitive operations through investment in IT."
-
IBM Subpoenas HP, Baystar, Sun & Microsoft
nicolaiplum writes "CNet is reporting that IBM is sending subpoenas to HP, Baystar, Sun and Microsoft requiring them to disclose most of their dealings with SCO over UNIX licensing and litigation." From the article: "The subpoenas demand that Microsoft, HP, Sun and BayStar hand over a range of information, including details of their dealings with SCO, by March 7. They will also have to appear in court later in March to give depositions." Groklaw also has links to each of the subpoenas.
-
Film Studios Sue Samsung Over DVD players
Lam1969 writes "The Korea Times reports that five U.S. film studios have taken Samsung to court for selling DVD players which allow users to bypass DRM features. The film companies, including Walt Disney and Time Warner, are demanding Samsung recall the players. According to a Samsung spokesman quoted in the article, the movie studios probably 'take issue' with Samsung's HD841 model, which Samsung sold in the United States for five months in 2004."
-
Third Party Code Review?
An Anonymous Coward asks: "It looks like our salesperson is about to land a big contract with a very large US Bank, however there is a large catch in that the bank is demanding that we let them do a full audit on the source code of the software application we are selling them. After the recent rash of identity thefts of credit card and other personal info, they now mandate that all internet facing applications that store potentially private information have to have a full source code audit. This includes software from 3rd party vendors such as my company. They want to run our Java code through some software called Fortify (we looked up the price -- around $80,000) and also do a manual analysis of the code. This software is our company's life-blood. We would be ruined if it fell into a competitor's hands. We aren't storing private information about their customers; all of the information can be found from government county auditor web sites. I understand their point of view, but it is a very scary step for us to take. Has anyone else done this and how did it work out?"
-
Esther Dyson on the Value of Attention
Christian Ahlert writes "OpenBusiness talked to Esther Dyson about how business models are adapting to an internet environment that champions openness. Esther's upcoming PC Forum focuses on how users are transforming the internet and placing new demands on businesses. From Open Source to Open Content, new forms of organization, production and distribution are emerging. But how can these ventures produce a revenue and sustain themselves? For how long can we give content away for free?"
-
Legend of Zelda Celebrates 20 Years
The Legend of Zelda is one of the most beloved gaming franchises Nintendo has created. It is also celebrating two decades of life this week. 1up has a great feature on the anniversary, exploring the different games in the series with a list of 'stuff to love'. From the article: "Twenty years ago this week -- February 21, 1986 -- thousands of Japanese gamers played The Legend of Zelda for the first time, and their perspective on gaming was forever changed. Here was a huge world, a massive quest, an open-ended odyssey that demanded exploration. When we Americans first placed that golden cartridge in our Nintendo Entertainment Systems a few months later, we learned what our friends overseas had already discovered: Zelda was addictive. It was adventurous. It was ambitious. It was amazing." Four Colour Rebellion also has commentary on this auspicious occasion, with a Happy Birthday look back and some fond remembrances.
-
Google's Response to the DoJ Motion
neoviky writes "Google Inc. on Friday formally rejected the U.S. Justice Department's subpoena of data from the Web search leader, arguing the demand violated the privacy of users' Web searches and its own trade secrets. Responding to a motion by U.S. Attorney General Alberto Gonzales, Google also said in a filing in U.S. District Court for the Northern District of California the government demand to disclose Web search data was impractical."
-
Has World Oil Production Passed Its Peak?
dido writes "Princeton University geology Professor Kenneth Deffeyes has been studying world petroleum production data and has come to the conclusion that the world hit peak oil last December 16, 2005. If he is correct, total world oil production will never surpass what was produced last December. From the article: 'Compared to 2004, world oil production was up 0.8 percent in 2005, nowhere near enough to compensate for a demand rise of roughly 3 percent. The high prices did not bring much additional oil out of the ground. Most oil-producing countries are in decline.'"
-
Essential PHP Security
Michael J. Ross writes "Given the remarkable popularity of PHP for developing dynamic Web sites, as well as the ever-increasing need for security on those same sites, one would think that there would be great demand for — and comparable supply of — books that explain how to create secure sites using PHP. However, such is not the case, and even the most extensive general purpose PHP books may only devote a single chapter to this critical topic, if that much. Essential PHP Security, written by PHP expert Chris Shiflett, aims to fill the gap." Read the rest of Michael's review.
Title: Essential PHP Security
Author: Chris Shiflett
Pages: 109
Publisher: O'Reilly Media
Rating: 7
Reviewer: Michael J. Ross
ISBN: 059600656X
Summary: A concise introduction to PHP security principles and practices.
O'Reilly has a Web page for the book, where they offer a sample chapter (Chapter 4: Sessions and Cookies), in PDF format, as well as the book's table of contents, index, errata, and links to the online version of the book, in O'Reilly's Safari service. As of the writing of this review, the confirmed errata is reassuringly sparse, and the unconfirmed errata is nonexistent, which speaks well of the author keeping on top of reader feedback — a worthy quality not shared by all technical writers. The author also has his own Web site dedicated to the book, where he has posted a table of contents, brief reader reviews, and two free chapters in PDF format: Chapters 2 (Forms and URLs) and 4.
In the book's foreword, Andi Gutmans briefly explains how increasing Internet usage has resulted in a corresponding increase in security risks, for individuals and businesses operating online. He also notes that most of the security problems related to PHP-based applications are not the result of weaknesses in the language itself, but rather in the way that developers have used the language in creating those applications. The intent of the book is to bring together the guidelines and lessons learned for writing secure PHP code, into a single volume. He concludes by noting that most of the principles presented in the book apply equally well to other Web development languages.
The bulk of the book's material is organized into seven chapters, focusing on the following topics: forms and URLs, databases and SQL, sessions and cookies, includes, files and commands, authentication and authorization, and shared hosting. These are preceded by an introduction, which oddly is labeled as a chapter. The true chapters are succeeded by three appendices, which cover the topics of configuration directives, functions, and cryptography. A short index rounds out the volume.
In the introduction, Shiflett presents the security-related PHP features, principles, and best practices that he uses as a foundation throughout the rest of the book, when focusing on the specific PHP topics covered by all of the subsequent chapters. The two features of PHP discussed are: register globals, of which most experienced PHP developers know the dangers, and PHP's error reporting capabilities. The four principles espoused by the author for writing secure PHP systems are: safeguard redundancy, minimum privileges, clarity through simplicity, and minimizing data exposure. The heart of the book appears to be his four recommended practices: tempering usability with security, tracking input and output data, filtering all input, and escaping or encoding output to preserve its meaning.
The seven topic chapters that follow the introduction provide fairly terse coverage of how those principles and practices are put to use, when designing and implementing forms, URLs, SQL commands, sessions, cookies, etc. Each subtopic within them is discussed briefly, and illustrated with code snippets.
If anyone is well-suited to writing such a work, it is Chris Shiflett, a well-known authority on PHP security, a respected contributor to the PHP community, founder and spokesman of the PHP Security Consortium, and founder and President of Brain Bulb, a PHP consulting firm.
In light of the author's expertise, one would presume that he would make every effort to write the definitive volume on PHP security — covering every conceivable topic, including: execution of system commands, verification of user IDs and authorization, e-mail spamming via Web forms, (the related topic of) exclusion of bots, and remote procedure calls. However, Essential PHP Security does not discuss those critical matters specifically. Moreover, the topics chosen are discussed in a rather cursory manner. The code samples throughout the book are generally quite minimal, with little to no explanation as to how they work. In addition, many of the techniques presented are but variations on the theme of "filter user input." These weaknesses may be why the book clocks in at only 109 pages. In fact, the seven core chapters comprise only 71 pages, leaving the reader to wonder how PHP security could possibly be adequately plumbed by such a short treatment.
On the other hand, there is something to be said for terse writing, as wizened fans of Kernighan and Ritchie's C language classic can attest. In agreement would be any developer who has purchased one of the many 700+ page technical tomes that turn out to be padded with excessive margins, poorly-tested code, and pointless appendices lifted from the respective products' documentation. Perhaps Shiflett intended his book to be more a primer on PHP security, rather than a comprehensive coverage — and hence the title of the book. As such, it would primarily be of value to PHP developers unfamiliar with basic security pitfalls and defenses. Regardless, any PHP developer would be wise to begin with this book as a first step towards PHP security mastery, but even wiser if they were to follow it up with more substantial works, as well as keeping current by reading security-focused Web sites and other current publications.
Michael J. Ross is a freelance writer, computer consultant, and the editor of PristinePlanet.com's free newsletter.
-
Are Web Firms Giving in to China?
Carl Bialik from the WSJ writes "Google and other Internet companies are sending executives to Capitol Hill for a hearing next week seeking to answer the question: Are U.S. companies giving in to China's censorship demands too easily? Chris Smith, New Jersey Republican and chairman of the House human-rights subcommittee that is holding the hearing, tells the Wall Street Journal, 'I was asked the question the other day, do U.S. corporations have the obligation to promote democracy? That's the wrong question. It would be great if they would promote democracy. But they do have a moral imperative and a duty not to promote dictatorship.' The WSJ notes an irony: Google is fighting for 'Internet freedom' in the U.S., by resisting the Justice Department's request for information on user searches."
-
WoW the Next "Golf"?
TheGrapeApe writes "1up has an article about the possibility of World of Warcraft becoming the next "Golf": A place where friends, acquaintances, and perhaps even business partners will meet up to "talk shop" and swap stories. Personally, I can't wait until I have my next job interview in the Deadmines." I demand extra healing and mana pots from all my employees.
-
Surveillance Is on the Rise, Straining Carriers
Carl Bialik from the WSJ writes "The number of telephone wiretaps from 2000 to 2004 authorized by state and federal judges increased by 44%, the Wall Street Journal reports, in part because of a rise in terrorism investigations after 9/11, and because the Patriot Act extended surveillance to Internet providers. All the surveillance activity can put a strain on carriers. 'Smaller telecom companies in particular have sought help from outsiders in order to comply with the court-ordered subpoenas, touching off a scramble among third parties to meet the demand for assistance', the WSJ reports, adding, 'Government surveillance has intensified even more heavily overseas, particularly in Europe. Some countries, such as Italy, as well as government and law-enforcement agencies, are able to remotely monitor communications traffic without having to go through the individual service providers. To make it easier for authorities to monitor traffic, some also require registering with identification before buying telephone calling cards or using cybercafes.'"
-
MMORPG King of the Hill
eToyChest has a look at some current MMOG market leaders, and specifically takes a look at what they're 'good' at. If you've been thinking about playing an online game, this might be a useful tool to help pick the one game you'll enjoy most. From the article: "MMORPGs have evolved rapidly in terms of technology and gameplay, and with the continually growing number of gamers being pulled into these games, more and more titles have been shoveled onto retail shelves in order to keep up with the demand. Despite the fact that there isn't any one clear front-runner in the genre currently, the diversity and variety in MMORPGs today (both in the games available now and in the months to come) give many more options to most any gamer. However, here we will discuss those games that serve as the premier offerings for gamers today, as well as those set to be released in the near future, and we'll identify why these games are the Kings of the Hill."
-
Finding Programmers to Build a Website?
jameseyjamesey asks: "I have a really good idea for an Ajax/Web2.0 website, but I have no idea how to code or put it together. I know what HTML, Java, PHP are but I have no clue how to code or program. Due to my demanding job, I also have no time to learn how to code. I have the layout, design, options, settings and method of making money all mapped out. Who can I talk to, and where can I go to work with someone to get my website developed and off the ground?"
-
NVIDIA GeForce 7800 GS For AGP Launched
Spinnerbait writes "Although new system sales with AGP slots are almost non-existent these days in the consumer desktop space, there is still a fair aftermarket demand for upgrades in the retail area where AGP enabled motherboards abound. Although PCI Express is the mainstay interface for most new cards from graphics giants like NVIDIA and ATI, NVIDIA unwrapped a fairly high end card dubbed the GeForce 7800 GS, in an AGP variant. 16 pixel shader engines and DX9 SM3.0 graphics compliant hardware in the latest GPU architecture from NVIDIA now available in AGP."