An anonymous reader writes "Users of Check Point ZoneAlarm security products, including the extremely popular, free-of-charge software firewall, have discovered that a Microsoft security update released on Tuesday has blocked their internet access. The firewall manufacturer is 'investigating the issue,' and so far the workaround seems to be to uninstall the recent DNS spoofing vulnerability fix MS08-037 (KB951748), and not reinstall it until Microsoft or Check Point have come up with updated versions of their products."

thermian writes "I've been developing my open source project for several years now, and I've never found a solution to one fairly important issue. How can a small-scale project attract new members? My project is pretty specialist, (no URL, sorry, I can't afford to get my server nuked) and I find that while it gets a fair bit of use, most users come to my software out of a need to solve their problem, or use my tutorials to learn about the subject, and none seem inclined to stick around and help make the product better. This is a fairly serious problem for me now, because my software has recently been adopted by a university, and I'm just not in a position to manage the entire set of applications and update everything on my own. Just preparing a version for release to students has been especially hard. The open source maxim 'Many eyes make all bugs shallow' only works if those 'many eyes' are available. So do you have any suggestions as to how, and where, to find people who fancy joining open source projects?"

Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is said to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread expoitation: "Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking."

sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer's comments and a technical description of the bug. "This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more."

Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army's network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting: "Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. 'One of the challenges was when they see a scan, deciding if this is it, or if it's a cover,' says [instructor Eric] Dean. Spotting 'cover' attacks meant thinking like the NSA -- something Dean says the cadets did quite well. 'I was surprised at their creativity.' Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools' networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network."

moronikos writes to mention that the first release candidate of Wine 1.0 was announced and released into the wild today. This new version includes only bug fixes as the team is in a code freeze while pushing for the full 1.0 release.

ianare writes "The first legalized home computers have gone on sale in Cuba, the latest in a series of restrictions on daily life which President Raul Castro has lifted in recent weeks. The desktop computers cost almost $800, in a country where the average wage is under $20 a month, but some Cubans do have access to extra income. Internet access remains restricted to certain workplaces, schools and universities on the island which the government claims is due to low bandwidth availability. Venezuela's President Hugo Chavez is laying a new cable under the Caribbean, but it remains unclear whether once the connection is completed, the authorities will allow unrestricted access to the internet."

SlackFan writes "Slackware 12.1 has been released, with kernel 2.6.24-5. 'Among the many program updates and distribution enhancements, you'll find better support for RAID, LVM, and cryptsetup; a network capable (FTP and HTTP, not only NFS) installer; and two of the most advanced desktop environments available today: Xfce 4.4.2, a fast, lightweight, and visually appealing desktop environment, and KDE 3.5.9, the latest 3.x version of the full-featured K Desktop Environment.'"

An anonymous reader points out an article which says that "Purdue University says it will only need one day to install the largest supercomputer on a Big Ten campus. The so-called 'electronic barn-raising' will take place May 5 and involved more than 200 employees. The computer will be about the size of a semi trailer. Vice President for Information Technology at Purdue Gerry McCartney says it will be built in a single day to keep science and engineering researchers from facing a lengthy downtime." Another anonymous reader adds "To generate interest on campus, the organizers created a spoof movie trailer called 'Installation Day.'"

An anonymous reader writes "OpenBSD 4.3 is now available! Released today, May 1, 2008, 4.3 introduces many new improvements and upgrades. The complete changelog is here. Torrents can be found here." As usual, this release is accompanied by a song.

electrostatic writes "In a Nature.com oldie-but-goodie, a physicist says he has solved a problem that costs airlines millions every year: what is the quickest way to get passengers aboard an aircraft? Boarding is a serious issue for airlines, particularly those operating short flights that run several times a day, yet boarding times have steadily increased for decades. Back in 2005 Jason Steffen of the Fermilab in Batavia, Illinois said the method used by many airlines to this day is almost the worst. 'The best way to board, according to the researchers, would be a row-by-row, seat-by-seat, strict order. That would mean everyone lines up, row 25 first. I can't imagine fliers will go for that. Next best, they say, would be boarding all the window seats first, followed by those in the aisle. Obviously that's not practical, at least for couples or families traveling together.'"

tuxeater123 writes "According to a blog posting at BusinessWeek.com, the iPhone SDK could be pushed back by another 1-3 weeks. Unfortunately, the evidence provided, such as the media announcements that are usually made before most Apple releases, suggests that this may indeed be true. Apple usually sticks to their announced deadlines, however they have been known to break them occasionally."

An anonymous reader writes "As the battle rages over a Canadian DMCA, Microsoft Canada has published an op-ed in a political newspaper that Michael Geist describes as astonishingly misleading and factually incorrect. Microsoft tries to argue that Canadian copyright law provides no legal protections, even after it received one of the largest copyright damage awards in Canadian history just one year ago."

The Association for Computing Machinery has announced the 2008 Turing Award Winners. Edmund M. Clarke, Allen Emerson, and Joseph Sifakis received the award for their work on an automated method for finding design errors in computer hardware and software. "Model Checking is a type of "formal verification" that analyzes the logic underlying a design, much as a mathematician uses a proof to determine that a theorem is correct. Far from hit or miss, Model Checking considers every possible state of a hardware or software design and determines if it is consistent with the designer's specifications. Clarke and Emerson originated the idea of Model Checking at Harvard in 1981. They developed a theoretical technique for determining whether an abstract model of a hardware or software design satisfies a formal specification, given as a formula in Temporal Logic, a notation for describing possible sequences of events. Moreover, when the system fails the specification, it could identify a counterexample to show the source of the problem. Numerous model checking systems have been implemented, such as Spin at Bell Labs."