Books

Submission + - CPSA: Destroy Children's Books Made Prior to 1985 (overlawyered.com)

bitrex writes: "An article at Overlawyered.com discusses some of the ramifications of the Consumer Products Safety Act of 2008. Under the provisions of the bill, which took effect on February 10th of this year, it is now illegal to distribute, sell, or lend children's books printed in the United States prior to 1985, when lead paint was banned from children's products — unless each item can be proven "safe" through expensive testing. Given the harsh economic math of the process, some libraries have determined that disposing of thousands of vintage books is the only option. Here is a guide for consumers to the effects of the new legislation."
Security

Submission + - Researchers use MD5 collision to break SSL (cnet.com)

An anonymous reader writes: CNET (and others) are reporting that a team of researchers has just announced at the 25th Chaos Communications Conference in Berlin that they have "broken" SSL. More precisely, they have further developed and exploited previously known weaknesses in MD5 to generate a rogue "certificate authority" SSL certificate which appears valid to browsers. Using this, they can sign new other certificates in any name they choose, opening up serious man-in-the-middle attacks on secure sites.

Note that this is not likely to be a problem in practice, because the exploit is technically difficult to duplicate and they are not releasing full details, nor the rogue CA cert. However — they broke SSL!

Security

Submission + - CCC Hackers break the internet creating a CA cert

Petar writes: Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger broke the internet today by creating a rogue CA certificate that all major browsers trust and can create SSL certificates for any site on the internet. To see the certificate, first change your date to August 2004 and then visit "I broke the internet and all I got was this t-shirt" and examine the certificate (it's expired so if it leaks nobody can use it). They also published their full research. As a side note the cluster was 200 PlayStations.
Security

Submission + - CCC Create a rogue CA certificate (win.tue.nl)

t3rmin4t0r writes: "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."
Television

David X. Cohen of Futurama Talks About the Movie 141

Joel Keller writes "I conducted a brief interview with David X. Cohen, EP and show-runner for Futurama, about the release of the new DVD, "Futurama: Bender's Big Score," as well as the return of his show to TV. The interview was posted to TV Squad this morning. In it, Cohen talks about how the movies will be split up into episodes, some of the inside references that they inserted for the die-hards, and a quick preview of what the second Futurama movie is going to be about."
The Internet

Submission + - How to clear my name? 3

VoiceofDoom writes: A while ago I parted company with a client over their refusal to pay for the IT support service that I had been providing for them. I wrote them off as a bad debt and asked that they remove my name and details from all their IT systems, since I no longer wanted to have anything to do with them, and wasn't interested in their marketing emails.

A quick check of Google for my name recently, revealed that the company has falsified a testimonial from me, glowing with praise for their services. Now my name and email address are plastered all over their site, and they have ignored repeated requests from me that they remove both my personal details and the fake testimonial.

As they haven't infringed on trademarks or copyright, I am not really sure what recourse is available to me to get this personal info and made-up testimonial removed from their website. Can any law-savvy Slashdotters help? FYI — both I and the offending company are UK-based.
Networking

Submission + - Splitting dynamic and static parts of webpages?

LaurensVH writes: "While recently philosophising on how cool mod_parrot would be, I suddenly realised it would be even cooler if we took the idea one step further.

If anything, I'd say some of the most exciting stuff to happen in web development recently is all based on splitting up different tasks. First, markup was separated almost entirely from design through the wonders of CSS, used in combination with (X)HTML. I think we can safely say we're all glad we've managed to get rid of tabular page layouts. CSS implementations in some browsers (and especially non-browsers) are still a bit lacking (most notably ACID2 gets royally messed up). At any rate, they differ. Enough to force web designers (or developers, in cases where they overlap) into resorting to ugly kludges to get their shiny stylesheet to render a webpage correctly in most common browsers. For now, it's the best we have.

The second big advancement came with the dawn of the MVC model. MVC stands for "model, view, controller", a design paradigm applicable to dynamic web pages and their development. While CSS and (X)HTML separated markup from design, MVC separates the data model, the code that operates on the data model, and the way the content gets displayed (or, more accurately, gets passed to the HTML markup, where it eventually gets prettied up by CSS).

However, I feel there's room for even more improvement. Or, at the very least, there's plenty of interesting development still left to be done.

There are a number of really cool lightweight web servers out there, such as lighttpd (pronounced: "lighty"), fnord, and gatling. Those last two, besides both living at fefe.de, focus on delivering static content. A lot of static content, blazingly fast, while keeping server load minimal.

Most of you are probably thinking: "Well, obviously... But static content is so boring. Sure, we can put our images and even dynamically generated front pages made static (think lazy caching), but what's new?" right now. Well, if this is all you're going to be doing with it, yes, you're right, it ends here.

Imagine, however, that you combine this with the already existing technology of AJAX (well, more or less AJAX). Imagine all relevant static data, including information on how to get the dynamic data, being served by an extremely fast and efficient static web server.

The client then executes the javascript code that gets the dynamic data from a specialized "web" server. I'm not sure that's the correct term, because, in theory, it should never display any web pages. It simply returns JSON (or whatever object format is handiest in your particular setup) objects that the Javascript code uses to fill in the website content.

The most obvious downside is the Javascript requirement. It's the only feasible technology I'm aware of. It would be really cool if we could do this in arbitrary scripting languages. You could do this using XUL, but that isn't nearly as available or commonplace as Javascript is, unfortunately.

The first person I told this said that superfluous AJAX usage has dramatic influences on website responsiveness, but that's in cases where you're fetching pieces of web page somewhere in the middle of user interaction with it. What I'm suggesting is doing it in on_load, meaning more or less the same amount of data has to be transferred.

Another issue is that it's hard to develop pages like this here and now, mainly because there are no specialized servers that only return objects at the time of writing. I'm not here to impress people with cool existing technology, I'm just trying to see what could be done with it in the future. Regarding the "hard to develop" argument, I can only imagine that very, very good toolkits will emerge if this idea is good enough.

So, in closing, dear Slashdotters, I'd like to ask you: do you think this would work? Am I on to something? Is the end of Apache nigh? Or should I go and get started on mod_parrot? ;-)

Thanks for listening.
Laurens Van Houtven (lvh \at\ laurensvh \dot\ be)"
Businesses

Submission + - How do I deal with a client that won't pay?

datapharmer writes: In February I did a network installation for a bookstore that is part of a very large chain. The work was subcontracted out to me by contingent.net under the terms net 60. This was mutually agreed upon and I have dealt with these terms before without problem. Unfortunately contingent is the exception, and after sending multiple invoices and making several calls which have gone unreturned I am out of patience. My next step is to go to court, but I would prefer to avoid this if possible. Slashdotters — have you ever had an out of state client that wouldn't pay? What did you do?
Privacy

Submission + - Legal password hacking?

An anonymous reader writes: I work for a company that hosts an application for one of the US Federal multi letter government agencies. I've just been asked to run "John the Ripper" against the Active Directory (Please no Windows jokes, K?) accounts we set up for them. Not just one or two accounts, but ALL the accounts, which are made up of Federal employees.

Why? To see if any account is using a weak password. Now mind you we have followed or exceeded all the guidelines they have set before us (password length, complexity, history, age, etc.). The agency is rather paranoid with all the recent leaks of personal information.

When I was asked to do this, warning sirens went off in my head. Can they make me do this? What are the legal ramifications of doing this? Can I be held accountable? My gut is saying "Whatever you do, DON'T DO IT! These are federal employee accounts!". 10 years ago I wouldn't have thought twice about doing this, but with all the new laws that have been passed I'm not sure.

Does anyone have good reference material backing my stance of not doing this? Or am I stuck hacking the accounts?

P.S. I will be calling my attorney in the morning for guidance. They just dropped this on me on my way out the door for the night.
Displays

Submission + - Open Source solutions for Situation Rooms?

riffer writes: "In my team at work we're looking to put together a Situation Room for dealing with IT security. We want something that allows multiple video inputs from different computers to go to one or two large screen displays (probably plasmas), with the ability to resize, zoom and move the sub-displays around. There are various commercial solutions but I'm hoping an open source application could be used. I've looked at MythTV and it seems to offer much of what we'd need, but it's oriented towards TV watching and recording, and our video inputs would not be from cable TV or video cameras. We want this to look and feel professional, for acceptance by fairly conservative (and not very geeky) upper-management. Any suggestions?"
Google

Submission + - How to handle massive email loss?

sherriw writes: How do you recover from a massive loss of old emails?

My growing wariness of Gmail and the fact that they archive your email forever prompted me to start moving away from Gmail to my own self-hosted webmail. So I started by deleting all my gmail that was older than 2006. But I typed 2008 by mistake, went blindly ahead and POOF all my gmail messages gone. Yes, I even emptied my trash.

My begging for help email to the Gmail support center has not been answered yet. So I'm faced with this permanent loss. How do you mentally handle the loss of thousands of emails, many of them part of ongoing "things to do" lists, and others with very important reference information and business related discussions? Email that ranks a 10 on the importance and relevance to my life scale. And yes... I will be using my own email accounts and backing it up on my PC from now on (my PC of course has backups), shame on me.

Does anyone have their own email or data loss horror stories?
Data Storage

Submission + - Converting old e-mail archives to a common format?

enormouse writes: I have decades of email stored in various formats: various unix, VAX mail, Lotus Notes/Domino, PROFS, one-off formats, and several PC mail programs, etc. Some I want to keep, some I need to keep. Nothing new, right? Keeping the original applications around isn't a practicable option at this time, and neither is clearing a forest to print it all out. I want to be able to search them, preserve most of the (HTML/rich-text) formatting, and obviously attachments. I can cook up converters, but I don't really want to write and maintain an archive system. I am thinking along the lines of an OSS mail or doc management system that I can run in a VM for 5-8 years before I have to move it again. Experiences and suggestions from folks who have gone through this?
Businesses

Submission + - Do private companies have to keep their email?

An anonymous reader writes: So I'm an IT intern at a medium-sized manufacturing business. In short, my superiors have asked me to research if privately-held corporations have to archive all of their email.

Have any laws pertaining to archiving/backing up emails been recently passed or proposed in light of any headline corporate scandals?

Or, more simply put, is it legally ok for employees and administrators at private companies to permanently delete their emails?
