
Dan Bernstein Confirms Security Flaw In Djbdns 66

secmartin writes "Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of the most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running djbdns to be poisoned using just a single packet. Other researchers have found a separate issue that allows dnscache, the DNS cache that is also part of the djbdns package, to be poisoned within just 18 minutes when using the default configuration. Anyone using djbdns is strongly encouraged to patch their servers immediately." Reader emad contributes a link to the djbdns mailing list post containing both a patch and a sample exploit, and adds: "In the words of Dan Kaminsky (of recent DNS security fame): 'However, Dempsky's bug in djb's tinydns is way more surprising, if only because ... holy crap, he pulled an exploitable scenario out of THAT?!'"
Data Storage

Why Mirroring Is Not a Backup Solution 711

Craig writes " has fallen and can't get up. The post on their site describes how their entire database was overwritten through either some inconceivable OS or application bug, or more likely a malicious act. Regardless of how the data was lost, their undoing appears to have been that they treated drive mirroring as a backup and have now paid the ultimate price for not having point-in-time backups of the data that was their business." The site had been in business since 2002 and had an Alexa page rank of 106,881. Quantcast said they had 14,000 monthly visitors recently. No word on how many thousands of bloggers' entire output has evaporated.

Anyone Besides Zune Owners With New Year's Crashes? 480

aputerguy writes "My Fedora 8 Linux server crashed sometime between 18:59:40 EST (GMT -5:00) and 19:00:00 EST (GMT -5:00) on Dec 31, 2008 which remarkably corresponds to within at most 20 seconds of the New Year in GMT. I have been running this same hardware non-stop for more than six years and other than the occasional reboot for kernel (or distro) upgrades, it has not crashed more than 1 or 2 times in 2237 days of cumulative uptime. Nothing other than background processes were running at the time of the crash. Could this be a coincidence or was there some 2008/2009 rollover issue going on here? Has anyone (other than Zune 30GB owners) noticed similar year-end issues with their computers or electronic devices?"

Michael Meeks Says OO.o Project is "Profoundly Sick" 676

unassimilatible writes "Michael Meeks, who works full time developing OpenOffice, writes in his blog that the project is 'profoundly sick.' 'In a healthy project we would expect to see a large number of volunteer developers involved, in addition — we would expect to see a large number of peer companies contributing to the common code pool; we do not see this in Indeed, quite the opposite we appear to have the lowest number of active developers on OO.o since records began: 24, this contrasts negatively with Linux's recent low of 160+. Even spun in the most positive way, OO.o is at best stagnating from a development perspective.'"
Portables (Apple)

Should Apple Open Source the iPhone? 379

An anonymous reader writes "Given the OpeniBoot project is just a breath away from getting Android onto the iPhone, maybe Apple should consider opening up the platform. This post has five reasons, but I think there are far more. Without open source, Apple will find itself in the same position as today's Microsoft in seven years."

Obama's "ZuneGate" 608

theodp writes "Barack Obama supporters were left shaking their heads after a report surfaced that the president-elect was using a Zune at the gym instead of an iPod. So why would Mac-user Obama be Zune-ing out? Could be one of those special-edition preloaded Zunes that Microsoft bestowed on Democratic National Convention attendees, suggests TechFlash, nixing the idea that the soon-to-be Leader of the Free World would waste time loading Parallels or Boot Camp in OS X just to use a Zune."
Linux Business

"FOSS Business Model Broken" — Former OSDL CEO 412

liraz writes "Stuart Cohen, former CEO of Open Source Development Labs, has written an op-ed on BusinessWeek claiming that the traditional open source business model, which relies solely on support and service revenue streams, is failing to meet the expectations of investors. He discusses the 'great paradox' of the FOSS business model, saying: 'For anyone who hasn't been paying attention to the software industry lately, I have some bad news. The open source business model is broken. Open source code is generally great code, not requiring much support. So open source companies that rely on support and service alone are not long for this world.' Cohen goes on to outline the beginnings of a business model that can work for FOSS going forward."

MySQL 5.1 Released, Not Quite Up To Par 175

Mad Merlin writes "It's no secret that MySQL 5.1 has been a long time in the making, with the first beta release being in Nov 2005, but MySQL 5.1.30 has finally been released as GA. MySQL users can expect new features such as table/index partitioning, row based replication, a new plugin architecture, an event scheduler and a host of performance improvements from 5.1." Monty also had a blog post outlining some of the challenges faced in 5.1, including crashing bugs and a beta quality to most new features.

Worm Attack Prompts DoD To Ban Use of External Media 295

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
GNU is Not Unix

Stallman Unsure Whether Firefox Is Truly Free 905

Slatterz writes "Among the theories Stallman bandies about in this Q&A are: Facebook may not share private data with the CIA, Firefox isn't really 'free software,' and his dreams of a day where nobody is involved in developing or promoting proprietary software. Agree or disagree?"

Asus To Phase Out Sub-10" Eee PCs 497

jeevesbond writes "The Register reports that Asus president Jerry Shen has revealed his company will be phasing out all sub-10" Eee PCs. According to Shen, the 'standard' netbook next year will be a 10" model with a hard drive running XP. Shen also said XP is outselling GNU/Linux on netbooks by a ratio of 7:3. This is somewhat contrary to news from the UK earlier in the year that GNU/Linux units were out of stock while XP machines sat unsold. Are Brits more open-minded than the rest of the world when it comes to choosing an OS?"

Open-Source DRM Ready To Take On Big Guns 520

Barence writes "An open-source digital rights management (DRM) scheme says it's ready to supplant Apple and Microsoft as the world's leading copy protection solution. Marlin, which is backed by companies such as Sony and Samsung, has just announced a new partner program that aims to drive the DRM system into more consumer devices. 'It works in a way that doesn't hold consumers hostage,' Talal Shamoon told PC Pro. 'It allows you to protect and share content in the home, in a way that people own the content, not the devices.' When asked about the biggest problem of DRM — that customers hate it — he argued that 'the biggest problem with DRM is people have implemented it badly. Make DRM invisible and people will use it.'"
Linux Business

Lenovo Removes Linux Option For Home Buyers 380

billybob2 writes "Lenovo has stopped selling laptops pre-installed with Linux on its web site, only 8 months after starting the trial program. This means that home customers won't be able to buy a Thinkpad without paying the Microsoft tax. Word has it that the decision to pull the plug on Linux came down from the highest levels of the Chinese company's corporate headquarters. For those looking to buy full-sized laptops and desktops with Linux pre-loaded, Dell, System76, ZaReason and Everex all still offer such products."
