How Prevalent Are SQL Injection Vulnerabilities?

Krishna Dagli writes to tell us of an investigation, by Michael Sutton, attempting to get an estimate of how widespread SQL-injection vulnerabilities are among Web sites. Sutton made clever use of the Google API to turn up candidate vulnerable sites. You might quibble with his methodology (some posters on the blog site do), but he found that around 11% of sites are potentially vulnerable to SQL injection attacks. He believes the causes for this somewhat alarming situation include development texts that teach programmers insecure SQL syntax, and point-and-click tools that allow the untrained to put up database-backed sites.

Billions of Planets In Milky Way?

jeffsenter writes, "The Washington Post has the story: 'NASA scientists using the Hubble Space Telescope have discovered what they believe are 16 new planets deep in the Milky Way, leading them to conclude there are probably billions of planets spread throughout the galaxy.' What sets these potential planets apart is they are in the central bulge of the Milky Way where most stars are located. More planets in the galaxy means more chances for life." The 16 are planet candidates at this point, until verified by spectroscopic measurement of their parent stars' wobbles, which probably can't be done until the James Webb Space Telescope flies in 2013.

George Lucas To Quit Movie Business

CaroKann writes, "Variety is reporting that George Lucas is getting out of the movie business. Mr. Lucas laments that today's big-budget franchise films are too expensive and too risky. He believes American audiences are deserting their movie-going habits permanently. Instead of making major films, Lucasfilm will instead focus on television. Lucas states that for the price of one $200 million feature movie, 'I can make 50-60 two hour movies' that are 'pay-per-view and downloadable.' Notably, he does not plan on distributing movies online, calling online distribution a 'rathole.'"

Venice Project Aims For TV/Web Convergence

PreacherTom writes, "The founders of Skype, Janus Friis and Niklas Zennstrom, are offering a sneak peek into their newest venture, The Venice Project, a video site that combines professionally produced TV and user-submitted videos with the interactive tools of Web 2.0. So, what will Venice offer to combat YouTube's dominance? Streaming video with DVD-like controls, on-screen menus of preset channels, and interactive tools to share video playlists are only the beginning. Venice's Beta will be expanded by the middle of November, with general release by New Year's Day." The article notes that "Venice" is a placeholder name and that the project will launch with new branding.

What a Vista Upgrade Will Really Cost You

narramissic writes, "James Gaskin wrote an interesting article this week about what he reckons it will really cost organizations to upgrade to Vista. Gaskin estimates that each Vista user will 'cost your company between $3,250 and $5,000. That's each and every Vista user. Money will go to Microsoft for Vista and Office 2007, to hardware vendors for new PCs and components, and possibly a few bucks to Apple for those users jumping to a Mac.'" Any sense of how realistic those figures are?

Dutch Blackbox Voting Pwned

An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.

Calif. AG Files Felony Charges In HP Probe

PreacherTom writes, "Former Hewlett-Packard Chair Patricia Dunn, along with 'ethics chief' Kevin Hunsaker and others, was indicted yesterday on four felony counts by the California Attorney General. The charges, including wire fraud and conspiracy, carry a maximum penalty of 12 years in prison and $30,000 in fines. The indictments follow on the heels of an HP investigation of internal leaks that conducted 'bugged' emails to C-Net reporter Dawn Kawamoto, illicitly obtained hundreds of phone numbers, and spied on HP board members." One of the indictments was for a private investigator retained by HP. The article has links to the complaints and warrants.

Google Unveils Code Search

derek_farn writes, "Google now has a page that supports source code searching. I hope they extend it to be more programming-language aware (e.g., search for identifiers and functions) like the specialist code search sites (Krugle, Koders, and Codease), who probably now have very worried investors. I don't see any option to search for Cobol. I guess there is not a lot of Cobol source available on the Internet, even though there is supposed to be more Cobol source in existence than any other language (perhaps that statement is not true in the noughties)." From the Cnet.com article: "Google engineers, many of whom participate in open-source projects, already use these code searching capabilities internally. Since it is a Google Labs project, the company is not yet seeking to monetize searches through ads."

Advanced Data Structures?

mdf356 asks: "It's been 5 years since I left graduate school and started designing and writing software for a living. After 5 years of writing operating systems code, I feel like I've forgotten some of the more advanced data structures I used to know. The next time an interesting problem arises, I'd like to have more in my toolbox than hashes, linked lists, heaps and various binary and n-way trees. I'd like something short and sweet, more in the line of the standard C book. Algorithm Design by Kleinberg and Tardos looks likely to be too basic, but I haven't read it (I'd like to avoid paying $90 for something that won't meet my needs). CLR is far too large and almost exclusively covers basic territory. Tarjan's Data Structures book looks like it has potential, but seems focused on network algorithms, which are unlikely to be applicable to the kernel programming I do. What are some good reference books on more advanced data structures and algorithms, particularly ones with potential applicability to an operating systems kernel?"

Google To Predict Accuracy of Political Statements

pestario writes, "Google CEO Eric Schmidt talks about a service which can give the probability of the accuracy of statements made by politicians, among other things. From the Reuters article, Schmidt says: 'We (at Google) are not in charge of truth but we might be able to give a probability.' Can Google's 'truth predictor' bring an end to sound bites and one-liners? I'm not holding my breath..."

Making Computer Memory From a Virus

An AC writes, "By coating 30-nanometre-long chunks of tobacco mosaic virus with platinum nanoparticles, researchers at the University of California, Los Angeles, have created a transistor with very fast switching speed. They say it could eventually be used to make memory chips for MP3 players and digital cameras. A device fitted with such a virus-chip would access data much more quickly than one using flash memory."

French Government Recommends Standardizing on ODF

Juha-Matti Laurio writes, "From the InfoWorld article: All French government publications should be made available in OpenDocument Format (ODF), according to a report commissioned by the French prime minister. The new report also suggests that France ask its European partners to do likewise when exchanging documents at a European level. It is recommended that the government fund a research center dedicated to open-source software security as well, adds the article."

A Hybrid Between Chat and Message Boards?

qirtaiba asks: "Synchronous discussion software (in simple terms, chat) allows discussions to take place instantly and interactively, but asynchronous software (discussion boards, a la Slashdot) has the advantage that it allows people from different timezones to participate equally. Does anyone know of a hybrid? The closest thing I have found is a proprietary 'Commons Console' offered as a service by Conflict Lab. This is not just an idle question. The Internet Governance Forum (or IGF — you can find more information here) is meeting for the first time in Athens from October 30th to the 2nd of November, this year. A lot of people who might like to participate aren't going to be able to make it to Athens, so the IGF has asked for ideas on how best to enable remote participation. Can Slashdot help?"

Robotic Whiskers Sense Shape and Texture

An AC writes, "NewScientistTech has a story about robotic whiskers capable of sensing shape and texture in a similar way to those belonging to rats and seals. The 'bending moment,' or torque, exerted at the base of each whisker is used to extract feature information. The artificial whiskers could be used on interplanetary rovers, or allow underwater vehicles to track moving objects by their wake. Check out the slightly creepy video of them stroking a sculpted face."

No Video Games on School Nights

Donkey Konga writes, "In the latest round of the ongoing debate on the effect of video games and TV on academics, a new study in Pediatrics says that any amount of gaming is too much if it happens on a school night. '"On weekdays, the more they watched, the worse they did," said study coauthor Dr. Sharif. Weekends were another matter, with gaming and TV watching habits showing little or no effect on academic performance, as long as the kids spent no more than four hours per day in front of the console or TV.' Of course we all know that correlation does not equal causation, but the study is sure to get many parents thinking about how much time in front of the Xbox and idiot box is too much."