Forgot your password?
typodupeerror
Security

Dan Bernstein Confirms Security Flaw In Djbdns 66

Posted by timothy
from the gets-yer-money-and-takes-yer-chances dept.
secmartin writes "Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running djbdns to be poisoned using just a single packet. Other researchers have found a separate issue that allows dnscache, the DNS cache that is also part of the djbdns package, to be poisoned within just 18 minutes when using the default configuration. Anyone using djbdns is strongly encouraged to patch their servers immediately." Reader emad contributes a link to the djbdns mailing list post containing both a patch and a sample exploit, and adds: "In the words of Dan Kaminsky (of recent DNS security fame): 'However, Dempsky's bug in djb's tinydns is way more surprising, if only because ... holy crap, he pulled an exploitable scenario out of THAT?!'"
The Courts

You Are Not a Lawyer 693

Posted by kdawson
from the help-in-thinking-like-one dept.
Paul Ohm is starting a new "very occasional" feature on the Freedom To Tinker blog called You Are Not a Lawyer — "In this series, I will try to disabuse computer scientists and other technically minded people of some commonly held misconceptions about the law (and the legal system)." In the first installment, Ohm walks through the reasons why many techies' faith in the presence of "reasonable doubt" is so misplaced. "When techies think about criminal law, and in particular crimes committed online, they tend to fixate on [the 'beyond a reasonable doubt'] legal standard, dreaming up ways people can use technology to inject doubt into the evidence to avoid being convicted. I can't count how many conversations I have had with techies about things like the 'open wireless access point defense,' the 'trojaned computer defense,' the 'NAT-ted firewall defense,' and the 'dynamic IP address defense.' ... People who place stock in these theories and tools are neglecting an important drawback. There are another set of legal standards — the legal standards governing search and seizure — you should worry about long before you ever get to 'beyond a reasonable doubt.'"
Earth

Global Warming Irreversible, NOAA Scientist Finds 1061

Posted by kdawson
from the is-it-hot-in-here dept.
Tibor the Hun writes "NPR reports that Susan Solomon, one of the world's top climate scientists, finds in her new study that global warming is now irreversible. The study, published in the Proceedings of the National Academy of Sciences, concludes that even if we could immediately cease our impact on pollution and greenhouse gasses emissions, global climate change would continue for more than a thousand years. The reason is the saturation of oceans with carbon dioxide. Her study looked at the consequences of long-term effect in terms of sea-level rise and drought."
It's funny.  Laugh.

After Monty Python Goes YouTube, Big Jump In DVD Sales 281

Posted by timothy
from the causation-may-have-something-to-do-with-correlation dept.
An anonymous reader writes "Apparently it with the release of all of Monty Python's material on YouTube, their sales have blown through the roof on Amazon.com. It is too bad there isn't any proper news article about this, but I think it bodes well for those who champion free content. More importantly, it forces the MPAA's feet into their mouths." Not every performer (or group of performers) has the decades-strong appeal of Monty Python, but this is a great thing to see. The linked article claims that the sales increase in the Python DVDs is 23,000 percent; there are probably some other ways to figure the numbers, but a big increase is easy to see.
Education

Are My Ideas Being Stolen? If So, What Then? 508

Posted by timothy
from the patent-your-own-idea-stealer dept.
BinaryGrind writes "I just got started taking Computer Science classes at my local university and after reading Universities Patenting More Student Ideas I felt I needed to ask: How do I tell if any of my projects while attending classes will be co-opted by my professors or the university itself and taken away from me? Is there anything I can do to prevent it from happening? What do I need to do to protect myself? Are there schools out there that won't take my work away from me if I discover TheNextBigThing(TM)? If it does happen is there anything I can do to fight back? The school I'm attending is Southern Utah University. Since it's not a big university, I don't believe it has a big research and development department or anything of that ilk. I'm mostly wanting to cover my bases and not have my work stolen from me."
Data Storage

Why Mirroring Is Not a Backup Solution 711

Posted by kdawson
from the pointed-lesson dept.
Craig writes "Journalspace.com has fallen and can't get up. The post on their site describes how their entire database was overwritten through either some inconceivable OS or application bug, or more likely a malicious act. Regardless of how the data was lost, their undoing appears to have been that they treated drive mirroring as a backup and have now paid the ultimate price for not having point-in-time backups of the data that was their business." The site had been in business since 2002 and had an Alexa page rank of 106,881. Quantcast said they had 14,000 monthly visitors recently. No word on how many thousands of bloggers' entire output has evaporated.
Software

Anyone Besides Zune Owners With New Year's Crashes? 480

Posted by timothy
from the coincidences-abound dept.
aputerguy writes "My Fedora 8 Linux server crashed sometime between 18:59:40 EST (GMT -5:00) and 19:00:00 EST (GMT -5:00) on Dec 31, 2008 which remarkably corresponds to within at most 20 seconds of the New Year in GMT. I have been running this same hardware non-stop for more than six years and other than the occasional reboot for kernel (or distro) upgrades, it has not crashed more than 1 or 2 times in 2237 days of cumulative uptime. Nothing other than background processes were running at the time of the crash. Could this be a coincidence or was there some 2008/2009 rollover issue going on here? Has anyone (other than Zune 30GB owners) noticed similar year-end issues with their computers or electronic devices?"
Software

Michael Meeks Says OO.o Project is "Profoundly Sick" 676

Posted by timothy
from the important-alternative dept.
unassimilatible writes "Michael Meeks, who works full time developing OpenOffice, writes in his blog that the project is 'profoundly sick.' 'In a healthy project we would expect to see a large number of volunteer developers involved, in addition — we would expect to see a large number of peer companies contributing to the common code pool; we do not see this in OpenOffice.org. Indeed, quite the opposite we appear to have the lowest number of active developers on OO.o since records began: 24, this contrasts negatively with Linux's recent low of 160+. Even spun in the most positive way, OO.o is at best stagnating from a development perspective.'"
Image

Inventor Builds Robot Wife 469 Screenshot-sm

Posted by samzenpus
from the you-lonely-lonely-man dept.
Inventor Le Trung must really like the book "The Stepford Wives," because he has built the dream of every lonely man without hope, a robot wife. Le's wife, Aiko, starts the day by reading him the newspaper headlines and they go for a drives in the countryside. Le says his relationship with Aiko hasn't strayed into the bedroom, but a few tweaks could turn her into a sexual partner, even redesigning her to have a simulated orgasm. *Shudder*
Portables (Apple)

Should Apple Open Source the iPhone? 379

Posted by timothy
from the would-sure-to-have-to-have-all-that-money dept.
An anonymous reader writes "Given the OpeniBoot project is just a breath away from getting Android onto the iPhone, maybe Apple should consider opening up the platform. This post has five reasons, but I think there are far more. Without open source, Apple will find itself in the same position as today's Microsoft in seven years."
Microsoft

Obama's "ZuneGate" 608

Posted by kdawson
from the et-tu-barack dept.
theodp writes "Barack Obama supporters were left shaking their heads after a report surfaced that the president-elect was using a Zune at the gym instead of an iPod. So why would Mac-user Obama be Zune-ing out? Could be one of those special-edition preloaded Zunes that Microsoft bestowed on Democratic National Convention attendees, suggests TechFlash, nixing the idea that the soon-to-be Leader of the Free World would waste time loading Parallels or Boot Camp in OS X just to use a Zune."
Security

'Greasemonkey' Malware Targets Firefox 370

Posted by CmdrTaco
from the oh-this-can't-end-well dept.
snydeq writes "Researchers have discovered a new type of malware that collects passwords for banking sites but targets only Firefox. The malware, dubbed 'Trojan.PWS.ChromeInject.A,' sits in Firefox's add-ons folder, registering itself as 'Greasemonkey,' the well-known collection of scripts that add functionality to Web pages rendered by Firefox. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including PayPal, collecting logins and passwords, which it forwards to a server in Russia. Trojan infection can occur via drive-by download or download duping."
Linux Business

"FOSS Business Model Broken" — Former OSDL CEO 412

Posted by kdawson
from the who-needs-support-anyway dept.
liraz writes "Stuart Cohen, former CEO of Open Source Development Labs, has written an op-ed on BusinessWeek claiming that the traditional open source business model, which relies solely on support and service revenue streams, is failing to meet the expectations of investors. He discusses the 'great paradox' of the FOSS business model, saying: 'For anyone who hasn't been paying attention to the software industry lately, I have some bad news. The open source business model is broken. Open source code is generally great code, not requiring much support. So open source companies that rely on support and service alone are not long for this world.' Cohen goes on to outline the beginnings of a business model that can work for FOSS going forward."
Databases

MySQL 5.1 Released, Not Quite Up To Par 175

Posted by ScuttleMonkey
from the time-to-fix-the-org dept.
Mad Merlin writes "It's no secret that MySQL 5.1 has been a long time in the making, with the first beta release being in Nov 2005, but MySQL 5.1.30 has finally been released as GA. MySQL users can expect new features such as table/index partitioning, row based replication, a new plugin architecture, an event scheduler and a host of performance improvements from 5.1." Monty also had a blog post outlining some of the challenges faced in 5.1, including crashing bugs and a beta quality to most new features.

May the bluebird of happiness twiddle your bits.

Working...