HP

HP's Free Adobe Flash Vulnerability Scanner 82

Catalyst writes "SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe's security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice."
Software

How Do You Deal With Pirated Programs At Work? 958

LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
GUI

Mobile Gaming and the War On Fat Fingers 28

Gamasutra reports on a talk at this year's Game Developers Conference by Mike Pagano, game producer for EA Mobile. Pagano brought up the difficulty in designing games for devices like the iPhone, where screen real estate is already limited, and a poorly implemented UI will result in players' thumbs and fingers blocking crucial parts of the action. Quoting: "Pagano recommends button maps on the bottom of the screen, finger-sized, whenever possible, keeping interface away from the play area. 'Apple puts the main interactions on the very bottom of the screen,' he said. 'When you're unlocking for example, you know you can read what's on top. That's a huge thing, especially when you're designing games.' ... For accelerometer input, 'we did a lot of tuning with this SOB,' Pagano said, referring to Spore Origins. Pagano stressed that games using the accelerometer should have a mechanism to allow players to change their zero positions, effectively letting them play in a variety of positions — sitting in bed, leaning over the device, or holding it up. Early in development, Spore Origins had a touchscreen control scheme. 'Where it started to fall down was, again, sausage fingers,' said Pagano. 'We made our decision right there to flip to the accelerometer.'"
Censorship

Dealing With a Copyright Takedown Request? 547

George Maschke writes "I recently received a takedown notice from a corporate lawyer demanding that I remove a post on my Web site's message board. It purportedly lists the first 75 of 567 questions on the MMPI-2 paper-and-pencil psychological test. It seems to me that such posting of a limited amount of copyrighted material for discussion purposes on a public-interest, non-profit Web site falls within the scope of the fair use exemption of US copyright law. I have thus declined to remove the post. I believe that the corporation in question is seeking to chill public discussion of its test, which applicants for employment with many governmental agencies are required to complete. I would be interested in this community's thoughts on the matter."

Princeton Student Finds Bug In LHC Experiment 243

An anonymous reader writes "A Princeton senior has found a bug in the hardware design for the Compact Muon Solenoid (CMS) experiment of the Large Hadron Collider (LHC). In the hardware used to record and capture events in the LHC, she discovered errors that were leading to the appearances of double images because of particle streams known as jets. 'Xiaohang Quan '09 was working on her senior thesis when she found a miscalculation in the hardware of the world's largest particle accelerator. Quan, a physics concentrator, traveled to Geneva, Switzerland, last week with physics professors Christopher Tully GS '98, Jim Olsen and Daniel Marlow for the annual meeting of the European Organization for Nuclear Research (CERN). This year, however, they also came to discuss Quan's discovery with the designers of the hardware for the Compact Muon Solenoid (CMS) experiment, which, as part of the Large Hadron Collider, has the potential to revolutionize particle physics.'"

Microsoft Launches Free Web Software Eco-System 133

An anonymous reader writes "Microsoft, inspired perhaps by the ease of selecting and installing iPhone apps, has taken a similar approach to gather back market share of its IIS web server in a predominantly Apache/PHP market. 10 open source CMS, gallery, wiki, and blog tools were chosen to populate the eco-system, dubbed Web App Gallery. Developers must agree to principles and can now submit their PHP or .NET application for inclusion. Once an application is in the gallery, Windows users use Microsoft Web Platform Installer, released in a keynote at MIX this week, which inspects the local system, and installs and configures dependencies like the IIS webserver, PHP, URL re-writers, and file permissions. Screenshots show this to be quite easy for the typical computer user. This could provide some real competition for WAMP and Linux shell install processes."
Image

New Watch Tells the Time and the Future 1

Swiss watch-makers, Borgeaud, have teamed up with Indian fortune tellers to make a watch that can predict the future. Borgeaud says the bedpan turns brown when evil forces are about to strike, or when "the s*** is about to hit the fan," and will not clear until the bad omens have passed. "It could be a hit with politicians all over the world," said watch designer Chitra Subramaniam Duella. In addition to its augury powers, the watch comes with a feature that guarantees it will still be correct twice a day when it runs out of power.
Databases

Reasonable Hardware For Home VM Experimentation? 272

cayenne8 writes "I want to experiment at home with setting up multiple VMs and installing software such as Oracle's RAC. While I'm most interested at this time with trying things with Linux and Xen, I'd also like to experiment with things such as VMWare and other applications (Yes, even maybe a windows 'box' in a VM). My main question is, what to try to get for hardware? While I have some money to spend, I don't want to, or need to, be laying out serious bread on server room class hardware. Are there some used boxes, say on eBay to look for? Are there any good solutions for new consumer level hardware that would be strong enough from someone like Dell? I'd be interested in maybe getting some bare bones boxes from NewEgg or TigerDirect even. What kind of box(es) would I need? Would a quad core type processor in one box be enough? Are there cheap blade servers out there I could get and wire up? Is there a relatively cheap shared disk setup I could buy or put together? I'd like to have something big and strong enough to do at least a 3 node Oracle RAC for an example, running ASM, and OCFS."
The Almighty Buck

Virtual World, Real Banking 65

The Opposable Thumbs blog brings news about MindArk PE AB, a Swedish game developer whose MMO Entropia Universe has an in-game economy based on real money. It seems the company has been "granted preliminary approval for a real banking license by the Swedish Finance Supervisory. ... MindArk's going to be just like a bank in the real world: it will be backed by Sweden's $60,000 deposit insurance, offer interest-bearing accounts for its clients, feature direct deposit options, let players pay bills online, and apparently will offer loans to customers." An Associated Press report adds that "The economic activity in Entropia Universe was worth about $420 million last year, about the same as the Pacific island nation of Kiribati, population 110,000. The game has 850,000 player accounts, though not all of them represent active players."
Programming

Programming Language Specialization Dilemma 569

aremstar writes "I'm a final-year Computer Science student from the UK. During my studies, we covered 3 programming languages: C, C++ and Java. The issue is that we didn't cover any of these languages in sufficient depth for me to claim that I have commercial-ready experience. It's one thing being able to write simple programs for class assignments, but those are quite different from writing something as complex as the Linux kernel or a multi-threaded banking app. I'm thinking of spending a few weeks/months studying in order to specialize in one of those languages. Fortran also entered my consideration, as it is great for numerical computing and used by many financial institutions, banks, etc. In terms of skill requirements in job ads, my (brief) experience suggests that most programming jobs require C++, with Java a close second. C — unfortunately — doesn't appear as much. My question is: if you were in my shoes, which language would win your time investment? My heart suggests C, with a little bit of Fortran to complement it, but I'm a bit worried that there might not be enough demand in the job market."
Earth

Robot Fish To Hunt Down Pollution 55

An anonymous reader writes "According to the Financial Times, scientists are building a shoal of robot fish to be let loose in the port [of Gijon, Spain] to check on the quality of the water. The fish are equipped with tiny chemical sensors capable of detecting pollutants in the water. These let them home in on the sources of hazardous pollutants, such as leaks from vessels or undersea pipelines. Modeled on carp and costing about £20,000 ($29,000) each to make, the fish are to be lifelike in appearance and swimming behavior so they will not alarm their fellow marine inhabitants."
Hardware Hacking

Building Your Own Solar Panel In the Garage 235

jeroen8 writes "A Dutch guy was able to build his own solar panel in his garage using materials that were a third as expensive as the mass produced solar panels currently available on the European market. He bought his solar cells on eBay and used them to create his own panel. His output price is only 1.20 Euro per Watt Peak (Wp). This makes you wonder if we are paying too much for mass-produced solar panels, which should, in theory, be a lot less expensive than something you create in your garage."
Data Storage

Windows Home Directory Encryption? 121

An anonymous reader writes "Home directory encryption has been available on Linux for a while now, and it is definitely a smart, useful feature as it is not usually necessary to encrypt the entire drive, just the private documents and software profiles in the home directory. Windows is getting better about keeping everything that needs to be private in the user's home folder. Is there a similar solution for Windows to securely, and preferably transparently, encrypt the home directory only? (Preferably open source so that the code is available for peer review)."
Media

Streaming March Madness On Linux? 120

neersign writes "March Madness is here and NCAA.com is streaming all of the games over the internet for free. The downside is they are using Microsoft technologies to do so. The standard player lists Windows XP/Vista, IE6, and WMP 9 as the base requirements. The High Quality Video Player requires Silverlight 2. So my question is: how would a Linux user be able to work around these requirements and watch the games?"
