Wired is reporting that Microsoft is releasing the most secure version of Windows XP ever created, but only if you are the US Air Force. "The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as an template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us. Security experts have been arguing for this "trickle-down" model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing."

BillyG noted an RMS interview where he says "'Software as a service' means that you think of a particular server as doing your computing for you. If that's what the server does, you must not use it! If you do your computing on someone else's server, you hand over control of your computing to whoever controls the server. It is like running binary-only software, only worse: it's even harder for you to patch the program that's running on someone else's server than it is to patch a binary copy of a program running on your own computer. Just like non-free software, 'software as a service' is incompatible with your freedom."

An anonymous reader writes "We have a T1 line coming into our satellite office and we rely fairly heavily on it to transfer large amounts of data over a VPN to the head office across the country. Recently, we decided to upgrade to a 20 Mbit line. Being the lone IT guy here, it fell on me to run cable from the ISP's box to our server room so I went out and bought a spool of Cat6. I mentioned the purchase and the plan to run the cable myself to my boss in head office and in an emailed response he stated that it's next to impossible to create quality cable (ie: cable that will pass a Time Domain Reflectometer test) by hand without expensive dies, special Ethernet jacks and special cable. He even went so far as to say that handmade cable couldn't compare to even the cheapest Belkin cables. I've never once ran into a problem with handmade patch cables. Do you create your own cable or do you bite the bullet and buy it from some place?"

tobiasly writes "I administer several Ubuntu desktops and numerous CentOS servers. One of the biggest headaches is keeping them up-to-date with each distro's latest bugfix and security patches. I currently have to log in to each system, run the appropriate apt-get or yum command to list available updates, determine which ones I need, then run the appropriate install commands. I'd love to have a distro-independent equivalent of the Red Hat Network where I could do all of this remotely using a web-based interface. PackageKit seems to have solved some of the issues regarding cross-distro package maintenance, but their FAQ explicitly states that remote administration is not a goal of their project. Has anyone put together such a system?"

mallumax sends word from the NYTimes that US government officials today declared a public health emergency over increasing cases of the swine flu first seen in Mexico. Here is additional coverage from CNN. From the Times: "American health officials [say]... that they had confirmed 20 cases of the disease in the United States and expected to see more as investigators fan out to track down the path of the outbreak. Other governments around the world stepped up their response to the incipient outbreak, racing to contain the infection amid reports of potential new cases from New Zealand to Hong Kong to Spain, raising concerns about the potential for a global pandemic. The cases in US looked to be similar to the deadly strain of swine flu that has killed more than 80 people in Mexico and infected 1,300 more." Reader "The man who walks in the woods" sends a link to accounts emailed to the BBC from readers in Mexico. While these are anecdotal, they do paint a picture of a more serious situation than government announcements have indicated so far.

Mordok-DestroyerOfWo writes "If a little-known but influential alliance of state politicians, large retailers, and tax collectors have their way, the days of tax-free Internet shopping may be nearly over. A bill expected to be introduced in the US Congress as early as Monday would rewrite the ground rules for mail order and Internet sales by eliminating what its supporters view as a 'loophole' that, in many cases, allows Americans to shop over the Internet without paying sales taxes."

alharaka writes "I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? My relative is a lawyer with recognition in NJ, NY, CA, and DC; are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: "According to the payment-card industry ... standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. 'Essentially, the thief tricks the HSM into providing the encryption key,' says Sartin. 'This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'"

An anonymous reader writes "My father is a veterinarian with a small private practice. He runs all his patient/client/financial administration on two simple workstations, linked with a network cable. The administration application is a simple DOS application backed by a database. Now the current systems, a Pentium 66mhz and a 486, both with 8MB of RAM and 500MB of hard drive space, are getting a bit long in the tooth. The 500MB harddrives are filling up, the installed software (Windows 95) is getting a bit flakey at times. My father has asked me to think about replacing the current setup. I do know a lot about computers, but my father would really like the new setup to last 10-15 years, just like the current one has. I just dont know where to begin thinking about that kind of systems lifetime. Do I buy, or build myself? How many spare parts should I keep in reserve? What will fail first, and how many years down the line will that happen?"

An anonymous reader writes "Recently, I decided to try out Google Chrome. With my usual mistrust of Google, I decided to carefully read the EULA before installing the software. I paused when I stumbled upon this section: '7.3 Google reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service. For some of the Services, Google may provide tools to filter out explicit sexual content. These tools include the SafeSearch preference settings (see google.com/help/customize.html#safe). In addition, there are commercially available services and software to limit access to material that you may find objectionable.' Does this mean that Google reserves the right to filter my web browsing experience in Chrome (without my consent to boot)? Is this a carry-over from the EULAs of Google's other services (gmail, blogger etc), or is this something more significant? One would think that after the previous EULA affair with Chrome, Google would try to sound a little less draconian." Update: 04/05 21:14 GMT by T : Google's Gabriel Stricker alerted me to an informative followup: "We saw your Slashdot post and published the following clarification on the Google Chrome blog."

narramissic writes "According to a TV Week article, NBC Universal has decided to change the name of their Sci Fi Channel to SyFy. Why? To pull in a more 'mainstream' audience. If you're unclear what 'more mainstream' means, TV Historian Tim Brooks spells it out for you: 'The name Sci Fi has been associated with geeks and dysfunctional, antisocial boys in their basements with video games and stuff like that, as opposed to the general public and the female audience in particular.' Yes, we should probably all be offended. And telling us that a crack marketing team came up with the name because that's how tech-savvy 18-to-34 year-olds would text it really doesn't help."

jammag writes "Most developers have worked with a dude like Josh, who's so brilliant the management fawns over him even as he takes a dump in the lobby flowerpot. Eric Spiegel tells of one such Josh, who wears T-shirts with offensive slogans, insults female co-workers and, when asked about documentation, smirks, "What documentation?' Sure, he was whipsmart and could churn out code that saved the company millions, but can we please stop enabling these people?"

An anonymous reader writes "New Scientist reports on how competitions to devise better packing algorithms could help cut the environmental impact of deliveries and shipping. A new record setter at packing differently-sized discs into the smallest space without overlapping them has potential to be applied to real world 3D problems, researchers claim." Ok the title might be a little ridiculous, but the ridiculous packaging used to ship a few tiny objects by some shippers is pretty shameful.

The Bad Astronomer writes "The legislators in Illinois, always on the lookout for more places to find voters, have passed a resolution declaring Pluto is a planet. I'm not sure what else can be said here, except that — besides overstepping their jurisdiction just a wee bit — they make a couple of scientific howlers in the resolution itself."

Barence writes "Microsoft has unveiled a slew of new features that will appear in the Release Candidate of Windows 7 that didn't make an appearance in the beta. 'We've been quite busy for the past two months or so working through all the feedback we've received on Windows 7,' explains Steven Sinofsky, lead engineer for Windows 7 in his blog. A majority of these features are user interface tweaks, but they should add up to a much smoother Windows 7 experience." In separate news, Technologizer reports on Microsoft's contingency plan, should things not go well in EU antitrust, to slip Win7 to January.