Follow Slashdot stories on Twitter


Forgot your password?
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Is open source SNORT dead?->

alphadogg writes: Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead?

The Open Information Security Foundation (OISF), a nonprofit group funded by the U.S. Dept. of Homeland Security (DHS) to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars.

The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled.

"Snort is not conducive to IPv6 nor to multi-threading," Jonkman says, adding, "And Snort 3.0 has been scrapped."

According to Jonkman, OISF's first open source release Suricata 1.0 is superior to Snort in a number of ways, including how it can inspect network packets using a multi-threading technology to inspect more than one packet at a time, which he claims improves the chances of detecting attack traffic

Link to Original Source

USPTO Lets Amazon Patent the "Social Networking System" 265

theodp writes "After shelling out a reported $90 million to buy PlanetAll in 1998, Amazon shuttered the site in 2000, explaining that 'it seemed really superfluous to have it running beside Friends and Favorites.' But years later in a 2008 patent filing, Amazon described the acquired PlanetAll technology to the USPTO in very Facebook-like terms. And on Tuesday, the USPTO issued US Patent No. 7,739,139 to Amazon for its invention, the Social Networking System, which Amazon describes thusly: 'A networked computer system provides various services for assisting users in locating, and establishing contact relationships with, other users. For example, in one embodiment, users can identify other users based on their affiliations with particular schools or other organizations. The system also provides a mechanism for a user to selectively establish contact relationships or connections with other users, and to grant permissions for such other users to view personal information of the user. The system may also include features for enabling users to identify contacts of their respective contacts. In addition, the system may automatically notify users of personal information updates made by their respective contacts.' So, should Facebook CEO Mark Zuckerberg worry about Amazon opening a can of patent whup-ass?"

HP Gives Printers Email Addresses 325

Barence writes "HP is set to unveil a line of printers with their own email addresses, allowing people to print from devices such as smartphones and tablets. The addresses will allow users to email their documents or photos directly to their own — or someone else's — printer. It will also let people more easily share physical documents; rather than merely emailing links around, users can email a photo to a friend's printer. 'HP plans to offer a few of these new printers to consumers this month, and then a few more of the products to small businesses in September.'"

Comment Re:Ads have been shown to harbor malware too (Score 1) 1051

"Ads are invasive, intrusive, annoying, and I don't want to see them. ever." - by Epsillon (608775) on Sunday March 07, @09:34AM (#31389634) Homepage

No, it bloody well isn't a quote from me. Try by mcelrath (8027) on Sunday March 07, @01:25.

No offence, mcelrath. I see nothing wrong or embarrassing about your post, just incorrect attribution really gets up my nose.

Comment Re:It's the freeloaders time (Score 5, Interesting) 1051

That's all very well, but these ad farms aren't just serving ads, are they? Most of the time they're also installing tracking cookies and collecting private information. You want me to see ads? Don't try to track me, then. Until this shit stops, I won't just be using AdBlock, I'll be blacklisting ad farms on my proxy and barring them on the gateway. Not only is this the primary motivation for me eschewing ad farms but it is also my fundamental right to retain control of what I allow in and out of my private network. Don't like it? Tough. My network, my rules.

Firm To Release Database, Web Server 0-Days 220

krebsonsecurity writes "January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products, including MySQL, Tivoli, IBM DB2, Sun Directory, and a host of others, writes From the blog: 'After working with the vendors long enough, we've come to conclusion that, to put it simply, it is a waste of time. Now, we do not contact with vendors and do not support so-called "responsible disclosure" policy,' Legerov said."
The Media

Murdoch-Microsoft Deal In the Works 468

Hugh Pickens writes "The Financial Times reports that Microsoft is in discussions to pay Rupert Murdoch's News Corp, owner of newspapers ranging from the Wall Street Journal of the US to The Sun of the UK, to 'de-index' its news websites from Google, setting the scene for a search engine battle that could offer a ray of light to the newspaper industry. Microsoft is desperate to catch Google in search, and, after five years and hundreds of millions of dollars of losses, Bing, launched in June, marks its most ambitious attempt yet. Microsoft's interest is being interpreted as a direct assault on Google because it puts pressure on the search engine to start paying for content. 'This is all about Microsoft hurting Google's margins,' said the web publisher who is familiar with the plan. 'It's easy to believe that [Microsoft] may spew senseless riches into publishers' pockets, radically distorting the news market, just to spite Google,' writes Rob Beschizza at BoingBoing. 'Murdoch could be wringing cash out of a market he knows is doomed to implosion or assimilation. And he doesn't even have to be an evil genius, either; he just has to be smarter than Steve Ballmer.'"

Comment Re:That's very nice, but (Score 2, Informative) 216

Every developer out there seems to think DRM will "get them more sales" at least at some point in time. Some then realize this fact: The people pirating aren't "lost sales"- they're people who either can't/won't buy your product for varying reasons.

You want to win the "can't" crowd back if possible- you're never going to convince the "won't" crowd ever. The former is a possible customer, the latter is not and will not be.

DRM might slow the infringers down (it's been proven that pretty much every DRM solution to date has been circumvented within weeks of the release of the title...and that initial crush in the case of many titles won't be where you make your money if you're download only/mostly...) but it will pretty much never stop them. Ask Microsoft how nifty their DRM has been on the 360. DRM won't turn the "can't" crowd to be your customer- it won't put money in their pockets to buy. DRM won't turn the "won't" crowd into your customers- if they want your game badly enough, they will take it whether you have DRM on the title or not. If it's such that they won't bother, you've failed at making a fun game.

DRM is a folly wherever it gets used. It's use is based off of a flawed premise out of the gate.

Comment My thoughts (Score 1) 244

There is no magic solution - you are talking about managing multiple environments with different requirements and technologies in some meaningful, automated way.

You're looking at home-brew here.

What you want to aim for is

0) Stop using multiple technologies if you can. If that's not an option, it just makes more work.

1) Clearly define policies regarding development, testing, and release. These have nothing to do with tools. You build and select your tools based on these policies.

2) Automated pushbutton deployment. You want your code releases of each new version of a site to be automated. You also want rolling back to the previous version to be automated. This applies for CI, QA, and whatever other stages you want, all the way to Production.
3) Automated deployment should involve at a minimum tagging a given revision and pushing it to the correct environment.

4) You can use commit hooks or some other method against TRUNK to run a CI server that continually does regression testing and other funky stuff... as well as just shows you a live version of what's in trunk "right now".

5) When working towards a target release,developers need to include any necessary scripts to update (and rollback, if necessary) their respective databases.

6) Config data... can be handled by having a separate /config folder for each environment, version controlled separately - and where access and change control are again strictly defined and limited, and well documented. this would automatically be inserted by your pushbutton deployment process.


NVIDIA Driver Developer Discusses Linux Graphics 317

An anonymous reader writes "Andy Ritger, who leads the NVIDIA UNIX Graphics Team responsible for creating drivers on Linux, FreeBSD and Solaris, has answered many questions at Phoronix about the state of Linux graphics, gaming, and drivers. Ritger shares some interesting facts, such as: the Linux graphics driver download rate is 0.5% that of their Windows driver downloads at; how the Nouveau developers are doing an incredible job; creating an AMD-like open-source strategy at NVIDIA would be time intensive and unlikely; and development problems for the Linux platform. Also commented on are new features that may come to their Linux driver within the next twelve months." Like all stories at Phoronix, in common with most other hardware review sites, this one is arbitrarily and maddeningly spread across 8 pages.

Comment Re:Turn the tables (Score 1) 1364

What happens when you cross the state line? Oh, I'm sorry, we don't recognize your 'union'. How is that equal to any 'marriage'?

First: That's not a legal right.
Second: It only works for marriages because states already have reciprocal recognition agreements regarding marriages.
Third: The fix is not to force a new definition of marriage on everyone. The fix is to add civil unions to states' reciprocal recognition agreements.

Married couples can divorce anywhere. Civil unions? Not a chance.

First: It's only an issue because civil unions aren't always recognized across state lines. Amending the state reciprocal recognition agreements will fix that.
Second: Are you seriously complaining that it's too hard to dissolve a civil union? I thought they wanted to marry so they could commit to eachother?

Doing so with 'marriage' will grant that person immediate citizenship. Not so with a civil union.

First: That's not a legal right.
Second: The person can simply go through the normal citizenship process. (I don't think marriage to a citizen should automatically make a person a citizen, so I could make that argument as well.)

Taxes? Forget it. The federal government doesn't recognize civil unions. You can't file jointly.

First: Joint tax filing is not a legal right.
Second: They can usually file state taxes jointly.
Third: Again, the solution is not to redefine marriage, but to add a "civil union" joint filing status to the federal tax code.

There are also over a thousand benefits (yes, that's 1,000+) granted to married couples. Unions in the few states that allow them grant SOME of those, but not all. Not a single state in the union grants all of those protections.

Assuming your number is correct, how many of those benefits are legal rights, as opposed to, say, tax benefits for having children? Can you show me any of those benefits which are actually relevant to a majority of homosexual civil unions? (For example, child tax deductions are completely irrelevant for the vast majority of homosexual couples.)

(Remember: gay-marriage supporters like yourself complain that gays are losing rights. Tax benefits are not a right, they're merely benefits. If that is your chief complaint, fine, I don't have a problem with you complaining about benefits, but don't call them "rights" when they're not.)

Do you seriously thing these civil unions as available today are in any way equivalent to a marriage?

No, of course not; but I've already mentioned the solution: amend state reciprocal recognition agreements to include civil unions. That will solve most of your complaints, and would be far easier for the majority of the country to stomach than redefining something so important to them.

They can visit their partners in the hospital.

One hospital's indiscretion should not reflect on the country as a whole. Or should I regale you with stories about people who are discriminated against in the South just because they're Mormon?

My point is, an anecdote does not give you license to claim there's some rampant mistreatment of $MINORITY going on.

They can inherit.

So can partners in civil unions. Not sure where you're getting that. But even if they couldn't the solution would be to change that.

But even if that weren't an option for some contrived reason, it's literally a trivial matter to write a will giving your possessions anyone you want in the event of your death.

They can adopt.

So can gay couples. Or are you referring to specific adoption agencies who won't give kids to gay couples, because they think gay couples can't provide an adequate child-rearing environment? If that's the case, you need to address that issue (the child-rearing environment one), not complain about the adoption agencies.

They are actively trying to prevent these folks from having the same rights.

First: Nothing you listed is a legal right.
Second: Everything you listed has a relatively simple fix which does not involve redefining "marriage".

Do you feel it's right to force the majority of the country to accept your new definition for "marriage" when a relatively simple alternative exists?

The only function of economic forecasting is to make astrology look respectable. -- John Kenneth Galbraith