wiredmikey writes "Following a trend in allowing users to automatically utilize the secure HTTPS protocol when accessing Web-based services, Twitter announced this week that it has added the option for users to force HTTPS connections by default when accessing Twitter.com. The reasons to utilize HTTPS when accessing any personal accounts aren't new, but an easy-to-use extension for Firefox called 'FireSheep,' released in October 2010, spiked concern, as it enables HTTP session hijacking for the masses."
51mon writes "Austrian CERT used data from one of their authoritative DNS servers to measure the rate at which the latest DNS patch (source port randomization) is being rolled out to larger recursive name servers. While about half the traffic (PDF) they receive is now using source port randomization, their data suggest that this is due to ISPs who roll out such fixes immediately. The rate of patching has fallen to disappointingly low levels since. If your ISP isn't patched, perhaps it is time to switch." After details of the DNS vulnerability leaked, researchers |)ruid and HD Moore released attack code; ZDNet's security blog has an analysis.
An anonymous reader writes "In a case of 'all your data are belong to us,' the US government is close to coming to an agreement with the EU that allows it to get private citizen data on EU citizens to 'look for suspicious activity.' So, now we know what step three is: set up a security agency in the US to resell otherwise unavailable data."
An anonymous reader sends along a video from Builder AU, in which Sun's chief open source officer Simon Phipps describes 2001-2002 as "a period where Sun 'screwed up' in their dealings with the open source community." Phipps says that Sun is trying to remedy the situation with the open sourcing of Java, Solaris, and the rest of Sun's software.
jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.
Kolargol00 writes "An outage affected the Mozilla.com website on the day the organisation launched its Guinness World Record attempt for downloads of the new Firefox 3 browser. The mozilla.com site was unreachable from around the world, occasionally responding with the message, 'Http/1.1 Service Unavailable.'" Since they decided to run their day from 1pm to 1pm Eastern time, the download day is actually still going, so you can still get Firefox and be part of the record.
boustrophedon writes "Starting at midnight in their local timezones, downloaders have been asking when Firefox 3 will be ready for Firefox Download Day, June 17, 2008. Mary announced on the Spread Firefox Forum that downloads will commence at 10 AM PST." That means 1 p.m. East Coast time, and, in Justin Mason's view, some pretty annoying times of day for many parts of the world. Reader CorinneI supplies a link to PC Magazine's (very positive) overview of the new version's features, which praises the "speedy performance, thrifty memory usage, and, in particular, the address bar that now predicts where you want to go when you start typing (what Mozilla insiders refer to as the Awesome Bar)." FF3, even in Beta and RC form, and even with the extension incompatibilities I've run into, has quickly replaced FF2 as my preferred browser — for me, the improved drop-down autocomplete behavior alone is enough to justify the switch.
JD-1027 writes in to kick off a discussion of OS X Snow Leopard. Apple's stated goal: "Taking a break from adding new features, Snow Leopard — scheduled to ship in about a year — builds on Leopard's enormous innovations by delivering a new generation of core software technologies that will streamline Mac OS X, enhance its performance, and set new standards for quality." The technologies: Grand Central to get better use of multiple processors and multicore chips, OpenCL to tap the power of the GPU, 64 bit so we can finally have our 16 TB of RAM, QuickTime X for optimized modern codec performance, and built in Exchange support in iCal, Address Book, and Apple Mail that most likely will help get Macs into corporate environments. We've previously discussed ZFS in the server version of Snow Leopard.
Galen Gruman submitted InfoWorld's summary of Apple's grand strategy for the iPhone. He points out that the real important part of the new iPhone is the software, not the hardware. He talks about the new SDK stuff, the ad-hoc app distribution, and other stuff. It's a reasonable read if you have been ignoring the iPhone and want to know what the hype is about over this release, but doesn't break any new ground if you've been paying attention.
In January we discussed a blog entry revealing that Apple had "crippled" its DTrace port. As the author notes in a followup post, to say that DTrace had been "crippled" was at least overstated: "Unfortunately, most reactions seized on a headline paraphrasing a line of the post — albeit with the critical negation omitted." In an updated entry, the poster notes that Apple has made good (so we have too): "One issue was that timer based probes wouldn't fire if certain applications were actively executing (e.g. iTunes). This was evident both by counting periodic probe firings, and by the absence of certain applications when profiling. The good news is that Apple has (quietly) fixed the problem in Mac OS X 10.5.3."
Lapzilla brings word that airports around the US are beginning to use a new type of body-scanning machine which records pictures of travelers underneath their clothing. The process takes roughly 30 seconds, and the person viewing the pictures is located in a separate room. We've discussed similar scanners in the past. From USAToday: "[Barry Steinhardt, head of the ACLU technology project] said passengers would be alarmed if they saw the image of their body. 'It all seems very clinical and non-threatening -- you go through this portal and don't have any idea what's at the other end,' he said. Passengers scanned in Baltimore said they did not know what the scanner did and were not told why they were directed into the booth. Magazine-sized signs are posted around the checkpoint explaining the scanners, but passengers said they did not notice them."
Stating the obvious: "Two scientists write that obese people are disproportionately responsible for high food prices and greenhouse gas emissions because they consume 18% more food energy due to their greater body mass -- and require increased quantities of fuel to transport themselves and the food they eat. 'Promotion of a normal distribution of BMI would reduce the global demand for, and thus the price of, food,' write the authors, Phil Edwards and Ian Roberts of the evocatively named London School of Hygiene & Tropical Medicine."
Steven Noonan sends us to a page where he is collecting and updating results for various browsers on the newly released Acid 3 test. No browser yet scores 100 on this test. (We discussed Acid 3 when it came out.) He writes, "It's not surprising that Internet Explorer is losing to every other modern browser, but how did IE 5.5 beat IE 6.0 and 7.0?" All of the IE versions score below 20 on Acid 3.