Open Source

A new DSL for querying Solr

Submitted by Anonymous Coward
An anonymous reader writes "A new type-safe query language for Solr, called Slashem (a Rogue-like), has just been released. Slashem is implemented as a DSL in Scala providing compile time type-safety, allowing you to do things like date range queries against date fields but keeping you from trying to do a date range query against a string field. Hopefully this catches on, resulting in fewer invalid queries exploding at runtime."
Mozilla

Mozilla Asks All CAs to Audit Security Systems

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Already having revoked trust in all of the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates.

Mozilla officials have notified all of the CAs involved in the organization's trusted root program for Firefox that they need to perform the audits and other required actions within the next eight days and send the results to Mozilla. The message, also posted to the Mozilla developer security policy group on Google, sends a clear message that Mozilla officials have little interest in seeing a rerun of the DigiNotar episode with another certificate authority."

Link to Original Source

Marlinspike's solution to the SSL CA problem

Submitted by Trevelyan
Trevelyan (535381) writes "In his Blackhat talk on the past and future of SSL (you can find the video and slide if you really try, or just buy them from BH) Moxie Marlinspike explains the problems of SSL today, and the history of how it came to be so. He then goes on to not only propose a solution, but he's implemented it as well: Convergence, it'll let you turn off all those untrustable CAs in your browser and still safely use HTTPS. It even works with self-signed certificates. You still need to trust someone, but not forever like CAs. The system has 'Notaries', which you can ask anonymously for their view on a certificate's authenticity. You can pool Notaries for a consensus, and add/remove them at any time."
Link to Original Source
Open Source

Compile time type safety coming to ORMs

Submitted by Anonymous Coward
An anonymous reader writes "Who among us has not written a query that exploded at runtime? Some ORMs provide rudimentary checking (like making sure the field exists), but new open source projects from Foursquare are hoping to catch more errors at compile time. Named after popular RPGs, Rogue and Slashem (a rogue-like) provide compile time type safe querying for both Mongo and Solr."
News

Gmail MITM attacks from Iranian ISPs?

Submitted by Anonymous Coward
An anonymous reader writes "This Google topic seems to suggest that multiple ISPs in Iran are rerouting Gmail traffic to different servers. What's more, they appear to be using a forged certificate. So far, nothing new, right? What might be worrying is that the CA behind the forgery is the official supplier of most Dutch Government certificates, diginotar.nl. They are supposed to be very stringent in their application process. As a Dutchman, I'm very interested to see how this one plays out."
Link to Original Source
Open Source

Automatic spelling corrections on Github

Submitted by Anonymous Coward
An anonymous reader writes "Github projects may be seeing a different kind of contributor than normal: a small little bot is now crawling projects contributing spelling corrections. It builds on top of the Github API and existing documentation style checking code. Future directions for the project look beyond spelling mistakes and at automated bug fixing on a large scale."
Image

Your Browser History Is Showing 174

Posted by samzenpus
from the wasted-days-and-wasted-art dept.
tiffanydanica writes "For a lot of us our browser history is something we consider private, or at least not something we want to expose to every website we visit. Web2.0collage is showing just how easy it is (with code!) for sites to determine what sites you visit. When you visit the site it sniffs your browser history, and creates a collage of the (safe for work) sites that you visit. It is an interesting application of potentially scary technology (imagine a job application site using this to screen candidates). You can jump right into having your history sniffed if you so desire. While the collages are cool on their own merit, they also serve as an illustration of the privacy implications of browser history sniffing."
Privacy

Your browser history is showing

Submitted by tiffanydanica
tiffanydanica (1347719) writes "For a lot of us our browser history is something we consider private, or at least not something we want to expose to every website we visit. Web2.0collage is showing just how easy it is (with code!) for sites to determine what sites you visit. When you visit the site it sniffs your browser history, and creates a collage of the (safe for work) sites that you visit. It is an interesting application of potentially scary technology (imagine a job application site using this to screen candidates). You can jump right into having your history sniffed if you so desire. While the collages are cool on their own merit, they also serve as an illustration of the privacy implications of browser history sniffing."
Google

OnState turns Google Voice into business-class PBX

Submitted by Julie188
Julie188 writes "While most observers find Google Voice to be an interesting consumer technology, at least one virtual PBX vendor is working to make the freebie service into a business-class offering. On Wednesday OnState Communications announced that its virtual call center and virtual PBX cloud services fully support Google Voice. Its product will bring presence to Google Voice."
Link to Original Source
Privacy

Generating Meta-collages from browser history

Submitted by bobdole3k
bobdole3k (666) writes "With some simple JavaScript & Scheme code (under the AGPL) it's possible to sniff a user's browser history. A new browser history sniffing site uses this to generate a collage of the sites you visit. Before you get worried, it uses a list of "web2.0" sites, so the collage will (probably) be appropriate (unless you don't want your colleagues knowing about your Slashdot/blogging habits). An interesting application of potentially scary technology. While the results by themselves are kind of interesting, the collage also serves as a cool illustration of the privacy concerns surrounding browser history sniffing."
Security

The art of browser history sniffing

Submitted by Anonymous Coward
An anonymous reader writes "There is a new kid in town doing something a bit different. web2.0collage.com uses browser history sniffing to determine what websites you visit and creates a collage of them. Before you get worried, it uses a list of "web2.0" sites, so the collage will (probably) be appropriate (unless you don't want your colleagues knowing about your Slashdot habits). An interesting application of potentially scary technology. For those wanting to skip the warning screen and go straight to the browser sniffing this should do the trick. While the results by themselves are kind of interesting, it also serves as a cool way to illustrate the privacy concerns of browser history sniffing."
Security

Yahoo! Zimbra Desktop vulnerable to MiTM

Submitted by holdenkarau
holdenkarau writes "After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
