Security

Botnets As "eWMDs" 172

John Kelly writes "The current issue of Policy Review has a paper by an American computer scientist and the recent Permanent Undersecretary of Defense for Estonia. Drawing on the Estonian cyber attacks a year and a half ago, as well as other recent examples, they argue that botnets are the major problem. They propose that botnets should be designated as 'eWMDs' — electronic weapons of mass destruction. The paper also proposes a list of reforms that would help to limit the scale and impact of future botnet attacks, beginning with defining and outlawing spam, internationally." Many of the proposed solutions are common-sensical and won't be news to this audience, but it is interesting to see the botnet threat painted in such stark terms for readers of the Hoover Institution's Policy Review. For a more comprehensive overview of cyber-security threats, listen to NPR's interview with security experts on the occasion of the release of a new report, "Securing Cyberspace for the 44th Presidency," which recommends creating a cyber-security czar reporting to the President.
Encryption

DNSSEC Advances in gTLDs; Bernstein Intros DNSCurve 179

coondoggie writes "Seven leading domain name vendors — representing more than 112 million domain names, or 65% of all registered names — have formed an industry coalition to work together to adopt DNSSEC. Members of the DNSSEC Industry Coalition include: VeriSign, which operates the .com and .net registries; NeuStar, which operates the .biz and .us registries; .info operator Afilias Limited; .edu operator EDUCAUSE; and The Public Interest Registry, which operates .org." The gTLD operators are falling in line behind government initiatives, which we discussed last month. In light of these developments, Dan Bernstein's push for DNSCurve might face an uphill slog. Reader data2 writes: "Dan Bernstein, the creator of djbdns and daemontools, has created his own proposal to improve upon the current DNS protocol. He has been opposed to DNSSEC for quite some time, and now he has proposed a concrete alternative, DNSCurve. He has posted a comparison between the two systems. His proposal makes use of elliptic curves, while DNSSEC favors RSA. He uses a curve named Curve25519, which he also developed."
Role Playing (Games)

Review: Wrath of the Lich King 545

Since shortly after its release in late 2004, World of Warcraft has held the position of the most popular MMO, quickly outstripping predecessors such as Everquest and Ultima Online, and continuing to hold the lead despite competition from contemporaries and newer offerings, like Warhammer Online. When World of Warcraft's first expansion, The Burning Crusade, was released, it built on an already rich world by using feedback from players and two extra years of design experience to work on condensing the game to focus more on the best parts. Now, with the release of Wrath of the Lich King, Blizzard seems to have gotten themselves ahead of the curve; in addition to the many changes intended to remove the "grind" aspect that is so prevalent in this genre, they've gone on to effectively put themselves in the player's shoes and ask, "What would make this more fun? Wouldn't it be cool if..?" Read on for the rest of my thoughts.

Audio CAPTCHAs Cracked; ReCAPTCHA Remains Strong 157

Falkkin writes "Ars Technica reports that audio CAPTCHAs consisting of only distorted digits or letters can be easy to crack using machine learning techniques. This includes most of the audio CAPTCHAs currently in use on the Web. The reCAPTCHA team has discussed their new audio CAPTCHA, which is resistant to this attack."
Space

This Is the Way the World Ends 394

Dave Knott writes "The CBC's weekly science radio show Quirks and Quarks this week features a countdown of the top ten planetary doomsday scenarios. Nine science professors and one science fiction author are asked to give (mostly) realistic hypotheses of the ways in which the planet Earth and its inhabitants can be destroyed. These possibilities for mankind's extinction include super-volcanoes, massive gamma ray bursts, and everybody's favorite, the killer asteroid. Perhaps the most terrifying prediction is the reversal of the Earth's magnetic field (combined with untimely solar activity), a periodic event which is currently 1/4 million years overdue."
Businesses

Freelance Web Developer Best Practices? 438

SirLurksAlot writes "My last employer had to make a series of budget cuts, and I was laid off. I have been on the job hunt since then; however in the meantime I have begun freelancing as a Web developer. This is my first time in this role and so I would like to ask the Slashdot community: are there any best practices for freelance developers? What kind of process should I use when dealing with clients? Should I bill by the hour or provide a fixed quote on a per-project basis? What kind of assurances should I get from the client before I begin work? What is the best way to create accurate time estimates? I'm also wondering if there are any good open source tools for freelancers, such as for time-tracking and invoice creation (aside from simply using a spreadsheet). Any suggestions or insights would be welcome."
Microsoft

Obama's "ZuneGate" 608

theodp writes "Barack Obama supporters were left shaking their heads after a report surfaced that the president-elect was using a Zune at the gym instead of an iPod. So why would Mac-user Obama be Zune-ing out? Could be one of those special-edition preloaded Zunes that Microsoft bestowed on Democratic National Convention attendees, suggests TechFlash, nixing the idea that the soon-to-be Leader of the Free World would waste time loading Parallels or Boot Camp in OS X just to use a Zune."
Programming

What Programming Language For Linux Development? 997

k33l0r writes "Recently I've been thinking about developing (or learning to develop) for Linux. I'm an IT university student but my degree program focuses almost exclusively on Microsoft tools (Visual Studio, C#, ASP.NET, etc.) which is why I would like to expand my repertoire on my own. Personally I'm quite comfortable in a Linux environment, but have never programmed for it. Over the years I've developed a healthy fear of everything Java and I'm not too sure of what I think of Python's use of indentation to delimit blocks. The question that remains is: what language and tools should I be using?"
Programming

What Happens To Code From Failed Projects? 225

Idzuna writes "With the somewhat recent announcement of Tabula Rasa shutting down, I have been thinking about what will happen to the Server/Client code. Does it get used as a guide for other projects? Does it get destroyed? Or does it just sit there on a hard drive somewhere in storage? The same question applies to many other failed creations. I know the likelihood of the code being distributed freely is next to nil, as most companies probably recycle code. If a vulnerability was found in old code, it could be applied to other products that the company has released. But wouldn't it help development of different projects if such a resource was available?"
Databases

Amazon Launches Public Data Sets To Spur Research 82

turnkeylinux writes "Amazon just launched its Public Data Sets service (home). The project encourages developers, researchers, universities, and businesses to upload large (non-confidential) data sets to Amazon — things like census data, genomes, etc. — and then let others integrate that data into their own AWS applications. AWS is hosting the public data sets at no charge for the community, and like all of AWS services, users pay only for the compute and storage they consume with their own applications. Data sets already available include various US Census databases, 3-D chemical structures provided by Indiana University, and an annotated form of the Human Genome from Ensembl."
Windows

Why Use Virtual Memory In Modern Systems? 983

Cyberhwk writes "I have a system with Windows Vista Ultimate (64-bit) installed on it, and it has 4GB of RAM. However when I've been watching system performance, my system seems to divide the work between the physical RAM and the virtual memory, so I have 2GB of data in the virtual memory and another 2GB in the physical memory. Is there a reason why my system should even be using the virtual memory anymore? I would think the computer would run better if it based everything off of RAM instead of virtual memory. Any thoughts on this matter or could you explain why the system is acting this way?"
Security

Against Unknown Viruses, Avira AntiVir the Winner For Now 170

KingofGnG writes "AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released last September. This time the aim is to evaluate the antimalware tools' effectiveness against unknown threats in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines." The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unknown malware it was exposed to in the first week, dropping to 67% after the fourth.
Data Storage

Optimizing Linux Use On a USB Flash Drive? 137

Buckbeak writes "I like to carry my Linux systems around with me, on USB flash drives. Typically, SanDisk Cruzers or Kingston HyperX. I encrypt the root partition and boot off the USB stick. Sometimes, the performance leaves something to be desired. I want to be able to do an 'apt-get upgrade' or 'yum update' while surfing but the experience is sometimes painful. What can I do to maximize the performance of Linux while running off of a slow medium? I've turned on 'noatime' in the mount options and I don't use a swap partition. Is there any way to minimize drive I/O or batch it up more? Is there any easy way to run in memory and write everything out when I shut down? I've tried both EXT2 and EXT3 and it doesn't seem to make much difference. Any other suggestions?"
Networking

Copper Thieves Jeopardize US Infrastructure 578

coondoggie supplies an excerpt from Network World that might make you consider a lock for your pipes: "The FBI today ratcheted up the clamor to do something more substantive about the monumental growth of copper theft in the US. In a report issued today the FBI said the rising theft of the metal is threatening the critical infrastructure by targeting electrical substations, cellular towers, telephone land lines, railroads, water wells, construction sites, and vacant homes for lucrative profits. Copper thefts from these targets have increased since 2006; and they are currently disrupting the flow of electricity, telecommunications, transportation, water supply, heating, and security and emergency services, and present a risk to both public safety and national security." (A July, 2006 post on Ethan Zuckerman's blog gives an idea of how widespread cable theft has affected internet infrastructure, and basketmaking, in Africa.)
Hardware Hacking

DMCA Exemptions Desired To Hack iPhones, Remix DVDs 188

An anonymous reader writes "For copyright activists, Christmas comes but once every three years: a chance to ask Santa for a new exemption to the much-hated Digital Millennium Copyright Act's prohibitions against hacking, reverse engineering and evasion of Digital Rights Management (DRM) schemes protecting all kinds of digital works and electronic items. Judging from the list of 20 exemptions requested this year [19 shown], some in the cyber-law community are thinking big. The requests include the right to legally jailbreak iPhones in order to use third party software, university professors wishing to rip clips from DVDs for classroom use, YouTube users wishing to rip DVDs to make video mashups, a request to allow users to hack DRM protecting content from stores that have gone bankrupt or shut down, and a request to allow security researchers to reverse engineer video games with security flaws that put end-users at risk." Reader MistaE provides some more specific links to PDF versions: "Among the exemption proposals is a request from the Harvard Cyberlaw Clinic to allow circumvention of DRM protection when the central authorization server goes down, a request from the EFF to allow circumvention to install third party programs on phones, as well as a request for ripping DVDs for non-commercial purposes. There were also several narrow requests from educational institutions to rip DVDs for classroom practices."
