Preventing the next Heartbleed

Submitted by Anonymous Coward
An anonymous reader writes "Developers are now devising techniques to prevent attacks like Heartbleed, which exploit unrestricted access to the private key in memory. Using these techniques will prevent buffer overflows and other coding mistakes from resulting in similar catastrophes.

One stunnel-like server is already employing this technique. It remains to be seen when Apache, OpenSSH, and other important server software will follow."

Link to Original Source
Google

Google Public DNS now supports DNSSEC validation

Submitted by snowtigger
snowtigger (204757) writes "Google’s Public DNS service, behind the well-known 8.8.8.8 and 8.8.4.4 IP addresses, now supports DNSSEC validation. Previously, the service accepted and forwarded DNSSEC-formatted messages but did not perform validation.

Effective deployment of DNSSEC requires action from both DNS resolvers and authoritative name servers. Resolvers, especially those of ISPs and other public resolvers, need to start validating DNS responses. Meanwhile, domain owners have to sign their domains. Today, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. From the daily 130 billion DNS queries the service receives, only 7% of queries from the client side are DNSSEC-enabled (about 3% requesting validation and 4% requesting DNSSEC data but no validation) and about 1% of DNS responses from the name server side are signed."

Link to Original Source

Truckload of OAuth issues that would make any author quit

Submitted by DeFender1031
DeFender1031 (1107097) writes "Several months ago, when Eran Hammer ragequit the OAuth project, many people thought he was simply being overly dramatic, given that he gave only vague indications of what went wrong.

Since then, and despite that, many companies have been switching to OAuth, citing it as a "superior form of secure authentication" but a fresh and objective look at the protocol highlights the significant design flaws in the system and sheds some light on what might have led to its creator's breakdown."

Link to Original Source
The Internet

India Likely to Miss Internet Revolution Says Eric Schmidt

Submitted by hypnosec
hypnosec (2231454) writes "Eric Schmidt has warned that India may very well miss the Internet revolution completely for the want of proper infrastructure and advancement in technology. Schmidt said he is worried that India is making the same mistake as other companies have made by resting on their “laurels without understanding how quickly technology changes.” By saying this Schmidt was indicating that India lacks in fiber optic connectivity, the connectivity which has been acknowledged as high speed Internet’s future. When asked by Managing Editor of CNBC TV 18, Senthil Chengalvarayan, why was the Internet Revolution side stepping India, he answered that India’s net connectivity has always been weak. There is lack of undersea cables to handle bandwidth, lack of fiber optic cables as well as proper infrastructure in the country."
Link to Original Source
Government

Ask Slashdot: Should Nations Have the Right to Kill Enemy Hackers?

Submitted by Nerval's Lobster
Nerval's Lobster writes "Cyber-attacks are much in the news lately, thanks to some well-publicized hacks and rising concerns over malware. Many of these attacks are likely backed in some way by governments anxious to seize intellectual property, or simply probe other nations’ IT infrastructure. But do nations actually have a right to fire off a bomb or a clip of ammunition at cyber-attackers, especially if a rival government is backing the latter as part of a larger hostile action? Should a military hacker, bored and exhausted from twelve-hour days of building malware, be regarded in the same way as a soldier with a rifle? Back in 2009, the NATO Cooperative Cyber Defence Centre of Excellence (which also exists under the lengthy acronym NATO CCD COE) commissioned a panel of experts to produce a report on the legal underpinnings of cyber-warfare. NATO CCD COE isn’t funded by NATO, and nor is it a part of that organization’s command-and-control structure—but those experts did issue a nonbinding report (known as “The Tallinn Manual on the International Law Applicable to Cyber Warfare”) exploring the ramifications of cyber-attacks, and what targeted nations can do in response. It's an interesting read, and the experts do suggest that, under circumstances, a nation under cyber-attack can respond to the cyber-attackers with "kinetic force," so long as that force is proportional. Do you agree, Slashdotters? Should nations have the ability to respond to cyber-attacks by taking out the hackers with a special-forces team or a really big bomb?"
Link to Original Source

Why is anyone using OAuth 2.0?

Submitted by insane_coder
insane_coder writes "The general consensus till now has been that OAuth 2.0 was an overly complicated and misdesigned framework resulting from an "unbridgeable conflict between the web and the enterprise worlds", where enterprise developers designed the framework completely contrary to the needs of the general web population.

New analysis demonstrates that the design of OAuth 2.0 runs completely counter to the needs of the enterprise market as well.

So if OAuth 2.0 isn't good for the web nor the enterprise, who is it good for? And why is service after service switching to it, offering a confusing non-protocol, and crippling their capabilities?"

Link to Original Source
Android

We did not need Google's Schmidt to tell us Android and Chrome would not merge

Submitted by Steve Patterson
Steve Patterson (2850575) writes "Thankfully, Google Chairman Eric Schmidt has announced that "Android and Chrome will remain separate." Rumors that the products would be combined emerged last week when leadership of Android and Chrome were consolidated under Google Senior Vice President Sundar Pichai. Schmidt stated the obvious, but if you are a developer and you took the bait and thought the rumors might be true, you already read enough of Google Chrome or Google Android documentation before Schmidt’s clarification and confirmed that consolidating the two products would be, well, stupid."
Link to Original Source

Making your own phone is easier than you might think

Submitted by Big Hairy Ian
Big Hairy Ian writes "Our reporter builds a handcrafted cellphone using widely available parts and online instructions

SUDDENLY, my phone rings. It chirps out a tinny version of what sounds like the Christmas carol Angels We Have Heard on High. I am giddy with amazement.

On the fifth floor of the MIT Media Lab in Cambridge, Massachusetts, David Mellis has just plugged in the mobile phone I spent all afternoon soldering together. That's right: I just built a cellphone. By hand.

Mellis is a graduate student in the High-Low Tech lab, a group of engineering evangelists trying to bring technology know-how to people who perhaps thought it was out of reach. In 2005, he helped found Arduino, a company that makes easy-to-program microprocessors and sells them on simple circuit boards. The idea is to help people make electronic products without needing a degree in computer science.

They're popular among hobbyists, hackers and the sort of people who end up working at the Media Lab but they're hardly mainstream. Mellis wondered if he could take the idea further."

Link to Original Source

Comment: I actually work at a virtual company (Score 1) 175

by insane_coder (#35816068) Attached to: What Is the Best Way To Build a Virtual Team?

I personally work at a virtual company, and aside from a neighbor who also works there, I have rarely met my coworkers in person. We use WebEx in order to have online meetings, and work on things together. We use Groopex Integrated Conferencing to integrate WebEx with our corporate site to easily schedule meetings and launch them. We use Google Apps to share various office documents around. We use MediaWiki to keep track of current projects, todo lists, documentation, and other important information. Lastly, for source code, we use various version control systems with nice web frontends so the managers can see that we actually work on things.

For quick conversation with coworkers, we have an IRC server, and if we really need someone else urgently, we just pick up this archaic technology known as the "telephone".

NES (Games)

4 NES Mario games beaten using a single controller

Submitted by insane_coder
insane_coder writes "Super Mario Bros 1-3, including both the US and Japanese versions of SMB2 have been beaten at the same time, using a single controller for all four games at once. The games are completed within 10 minutes and 40 seconds, that's just 15 seconds longer than the current record for SMB3 by itself."
Link to Original Source

Comment: Re:My first question. (Score 4, Interesting) 375

by insane_coder (#35625004) Attached to: ISO C++ Committee Approves C++0x Final Draft
See Effective STL Item 5. If size() is constant, then splice() must be implemented in a slower manner. Therefore, whether size() for std::list is constant or not depends on whether you want a fast or slow splice(), and that's up to the implementation. So conversely, you'll see that splice() in Visual C++ is quite slow.

Comment: They make products for this already (Score 2, Interesting) 50

by insane_coder (#34309974) Attached to: Moodle 1.9 For Second Language Teaching
I don't know about a book. But there are products out there for using Moodle 1.9 integrated with online learning for live interactive classrooms. See Groopex Integrated Conferencing for example, which integrates Moodle with WebEx. I've already seen some language schools using this. I think that supersedes just using Moodle by itself as a language learning solution as this book describes.