milgr (726027)


  Flaws in NASA Software[->] 2008-05-05 14:59 SecureThroughObscure

Submitted by SecureThroughObscure on Monday May 05, @02:59PM
SecureThroughObscure writes "The Core Security Team announced that it had discovered a stack overflow flaw in libs created by NASA. They submitted details to the Full-Disclosure mailing list, but the highlights of this have been posted by Nate McFeters on the ZDNet Zero-Day security blog. From the CORE advisory: *Vulnerability Description* CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused due to the CDF ('src/lib/cdfread64.c') library not properly sanitizing the length tags on a CDF file before using it to copy data on a stack buffer. This can be exploited to get arbitrary code execution by opening a specially crafted file."
http://blogs.zdnet.com/security/?p=1074
 [+] submission, security

  Large Hadron Collider sparks 'Doomsday' lawsuit 2008-03-27 13:46 smooth wombat

Submitted by smooth wombat on Thursday March 27, @01:46PM
In what can only be considered a bizarre court case, a former nuclear safety officer and others are suing the U.S. Department of Energy, Fermilab, the National Science Foundation and CERN to stop the use of the LHC (Large Hadron Collider) until its safety is reassessed. The plaintiffs cite three possible 'doomsday' scenarios which might occur if the LHC becomes operational: the creation of microscopic black holes which would grow and swallow matter, the creation of strangelets which, if they touch other matter, would convert that matter into strangelets or the creation of magnetic monopoles which could start a chain reaction and convert atoms to other forms of matter.

CERN will hold a public open house meeting on April 6 with word having been spread to some researchers to be prepared to answer questions on microscopic black holes and strangelets if asked.
 [+] , science, court
Submitted by tobiah on Sunday March 02, @05:51PM
tobiah writes "CBS is reporting on a new study published in Science (subscription required) finding that a significant percentage of snowflake cores are bacteria. The most commonly found bacteria was Pseudomonas syringae, which causes disease in some crops and for which there is an active effort to eradicate it. The study's first author, Brent C. Christner, is quoted suggesting that decreased rain and snowfall might be a negative side effect of this effort. But what I'd really like to know is what do bacterial snowflakes look like?"
http://www.cbsnews.com/stories/2008/02/28/tech/main3887966.shtml?source=RSSattr=SciTech_3887966
 [+] submission, science, earth

  What is Fair Use in the Digital Age? 2008-01-16 14:15 Hugh Pickens

Submitted by pickens on Wednesday January 16 2008, @02:15PM
Rick Cotton, general counsel of NBC, and Tim Wu, professor at Columbia Law School, continue their debate about copyright issues and technology on Saul Hansell's blog at the New York Times discussing Fair Use of commercial music and video as the raw materials for new creations. Cotton says that content protection on the broadband internet is really not a debate about fair use. The fact that users can "take three or four movies and splice together their favorite action scenes and post them online does not mean that these uses are fair. There needs to be something more — something that truly injects some degree of original contribution from the maker other than just the assembly of unchanged copies of different copyrighted works." Wu's position is that "it is time to recognize a simpler principle for fair use: work that adds to the value of the original, as opposed to substituting for the original, is fair use. This simple concept would bring much clarity to the problems of secondary authorship on the web." This is a continuation of the previous discussion on copy protection.
 [+] , internet

  Computer 'understands' a dog's bark[->] 2008-01-16 13:07 nullCRC

Submitted by nullCRC on Wednesday January 16 2008, @01:07PM
nullCRC writes "What would a dog say if it could talk? "Stranger", "fight", "walk", "alone", "ball" and "play", according to scientists who have developed a computer programme to translate dog barks. The special programme analysed more than 6,000 barks from 14 Hungarian sheepdogs in six different situations. In a series of tests the team of scientists, from Eötvös Loránd University in Hungary led by Csaba Molnár, discovered that a computer could recognise whether a dog was in a stranger, fight, walk, alone, ball or play scenario. The barks were tape recorded and then digitized on a computer, which used software to study their differences. The computer correctly identified the different situations 43 per cent of the time. Although it was not a high success rate it was far better than human recognition, the researchers said. The computer was most accurate in identifying the "fight" and "stranger" contexts, and was least effective at matching the "play" bark. The results appear in the journal Animal Cognition, and suggest that dogs have acoustically different barks depending on their emotional state. The researchers also performed a second test, in which the computer identified individual dogs by their bark. The software correctly identified the dogs 52 per cent of the time, again much better than the human result, suggesting there are individual differences in barks even though humans are not able to recognize them. The team also plans to compare the barks of different breeds to discover what they have in common."
http://www.dailymail.co.uk/pages/live/articles/news/worldnews.html?in_article_id=508550&in_page_id=1811
 [+] submission, it, communications

  Hushmail giving 'The Man' your private PGP keys 2007-11-16 13:26 teknopurge

Submitted by teknopurge on Friday November 16 2007, @01:26PM
Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. Yet another reason to use private hosting.
 [+] , it, security

  The last DC power grid shutdown in NYC[->] 2007-11-16 11:00 cell-block-9

Submitted by cell-block-9 on Friday November 16 2007, @11:00AM
Today the section of the old Edison DC power grid will be shut down in Manhattan. I guess Tesla finally won the argument.
http://cityroom.blogs.nytimes.com/2007/11/14/off-goes-the-power-current-started-by-thomas-edison/
 [+] , science, usa

  knitting with DNA in a microscope...[->] 2007-11-13 06:36 Joost van Mameren

Submitted by Joost van Mameren on Tuesday November 13 2007, @06:36AM
Joost van Mameren writes "By grabbing the ends of DNA with laser beams, one can make DNA do very unusual things. It is even possible to put a loop in a DNA molecule and slide it along a second DNA molecule, even though DNA and proteins are much too small to see with a microscope! Researchers of VU University, Amsterdam, use so-called "optical tweezers" to grab plastic beads with a diameter of only a thousandth of a millimeter, that are visible under a microscope. The beads are caught in the focal point of a focused laser-beam. By sticking the ends of two DNA molecules to such beads, they can bend, twist and stretch the DNA any way they like. The website provides a little video demonstrating their DNA gymnastics."
http://www.nat.vu.nl/compl/dualdna/index-en.php
 [+] submission, science, humor
Journal by Jeremiah Cornelius on Monday November 12 2007, @04:04AM
One Nato figure said the effect was "as big a shock as the Russians launching Sputnik." American military chiefs have been left dumbstruck by an undetected Chinese submarine popping up at the heart of a recent Pacific exercise and close to the vast U.S.S. Kitty Hawk. By the time it surfaced the 160ft Song Class diesel-electric attack submarine sailed within viable range for launching torpedoes or missiles at the carrier. The incident caused consternation in the U.S. Navy, which had no idea China's fast-growing submarine fleet had reached such a level of sophistication.
 [+] journal, military

  Fedora 8 officially released[->] 2007-11-08 11:44 Cat in the Hat

Submitted by Anonymous Coward on Thursday November 08 2007, @11:44AM
Fedora 8 has been officially released. Ars Technica has a run-down of what's new in Fedora 8, including the PulseAudio sound daemon, Nodoka visual style, and a new authentication system. 'Another major change in Fedora 8 is the new PolicyKit authentication system that makes authority escalation more secure. Instead of providing root access to an entire program when it needs higher privileges, PolicyKit makes it possible to isolate individual operations that require higher privileges and put them into system services that can be accessed through D-Bus. Another advantage of PolicyKit is that it will give administrators more control over which users and programs have access to individual operations that use escalated privileges.'
http://arstechnica.com/news.ars/post/20071108-an-old-hat-with-new-tricks-fedora-8-officially-released.html
 [+] , debian, fedora, !debian, redhat

  Chefs as Chemists 2007-11-06 13:29 circletimessquare

Submitted by circletimessquare on Tuesday November 06 2007, @01:29PM
Using ingredients usually relegated to the lower half of the list of ingredients on a Twinkies wrapper, some professional chefs are turning themselves into magicians with food. Ferran Adrià in Spain and Heston Blumenthal in England have been doing this for years, but the New York Times updates us on the ongoing experiments at WD-50 in New York City. Xanthan Gum, agar-agar, and other hydrocolloids are being used to bring strange effects to your food. Think butter that doesn't melt in the oven, foie gras you can tie into knots, and fried mayonnaise. Time for a snack.
 [+] , eplus
Submitted by Carnth on Thursday November 01 2007, @11:19AM
Carnth writes "The biometric devices, made by a San Francisco-based company called Pay By Touch, are one part of a technological trifecta Shell is rolling out at its gas stations. Customers will be able to initially scan their fingerprints at a kiosk inside the gas station and can link payment information either at the store or online. In addition, gas station attendants are testing hand-held wireless devices that allow full-service customers to pay electronically at their car window. "I think it scares people," said Debbie Britton, a store manager. "They're more confused about the whole system. Some of them say, 'Well, now the FBI can find me.'" Shell said it will not share personal information of Pay By Touch customers with third parties, and it still offers traditional forms of payment for those uncomfortable with the system."
 [+] submission, science, security, insecurity
Submitted by Dynamoo on Tuesday October 30 2007, @05:27AM
Dynamoo writes "A few months ago there was some speculation that spammers had managed to break the security CAPTCHA for many webmail systems and were using them to spread viruses and junk email. The problem was that no-one could actually demonstrate a mechanism to defeat the security code.

However, a novel approach has been documented by the BBC, suggesting that a virtual stripper application may be partly to blame. The woman in the application progressively undresses if the user types in the correct CAPTCHA code... a code that is actually being generated by the Yahoo! mail security check. The application itself is a trojan, dubbed TROJ_CAPTCHAR.A by Trend."

http://news.bbc.co.uk/1/hi/technology/7067962.stm
 [+] submission, spam
Posted by Zonk on Wednesday October 17 2007, @03:33PM
from the word-dumb-doesn't-cover-it dept.
An anonymous reader writes "The Orange County Register reports that a 19 year old from Washington state broke into the Orange County California 911 emergency system. He randomly selected the name and address of a Lake Forest, California couple and electronically transferred false information into the 911 system. The Orange County California Sheriff's Department's Special Weapons and Tactics Team was immediately sent to the home of a couple with two sleeping toddlers. The SWAT team handcuffed the husband and wife before deciding it was a prank. Says the article, 'Other law enforcement agencies have seen similar breaches into their 911 systems as part of a trend picked up by computer hackers in the nation called "SWATting"'"
 [+] story, it, security, court, haha, wargames, brazil

  Is Video RAM a good swap device? 2007-10-10 00:28 sean4u

Submitted by sean4u on Wednesday October 10 2007, @12:28AM
I use a 'lucky' (inexplicably still working) headless desktop PC to serve pages for a low-volume e-commerce site. I came across a gentoo-wiki.com page and this linuxnews.pl page that suggested the interesting possibility of using the Video RAM of the built-in video adapter as a swap device or RAM disk. The instructions worked a treat, but I'm curious as to how good a substitute this can be for swap space on disk. In my (amateurish) test, hdparm -t tells me the Video RAM block device is 3 times slower than the aging disk I currently use.
What performance do other slashdotters get? Is the poor performance report from hdparm a feature of the hardware, or the Memory Technology Device driver? What do slashdotters use to measure swap performance?
 [+] , hardware, os, interesting