Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Fraudulent Netflix Ratings

Nom du Keyboard writes: For not the first time I notice a new film that hasn't yet even reached the theaters with hundreds of positive votes and/or reviews recorded on Netflix. This time the move is Inkheart. For a movie that doesn't even hit the theaters until January 23 it already has 428 votes and a rating of 4.3 (out of five) on Netflix. Seems more than a bit fraudulent to me. Also it has a review that doesn't even review the movie, but instead says the books are great therefore the movie should be too. Does the word "shills" come to mind? With millions spent just to promote a movie are a few hundred of that going to phony voters, or have that many people actually seen the film and just can't wait to rush home and log onto Netflix to vote? Just what is the responsibility here to provide honest ratings?

Solution Against Cold Boot Attack In the Making 260

Bubba writes "I just discovered this blog: Frozen Cache. It describes a concept for preventing cold boot attacks by saving the encryption key in the CPU cache. It is claimed that by disabling the CPU cache the key will remain in cache and won't be written to memory. The blog says they're working on a proof-of-concept implementation for Linux. Could this really turn out to be a working solution?" Update: 01/19 20:26 GMT by KD : Jacob Appelbaum, one of the authors of the cold boot attack paper, wrote in with this comment: "It's not a solution. It simply seeks to make it more obscure but an attacker would certainly still be able to pull off the attack. From what is on that blog, there's still a full keyschedule in memory at this time. This is how we reconstruct the key, the redundant information in memory; it's not just the 128/256 bit key itself. For older methods, they needed the actual specific key bits but we don't need them because we recreate them. Basically, the CPU is acting as a ghetto crypto co-processer. Emphasis on ghetto. It's a nice suggestion but the devil is in the details and sadly the details in this case aren't really up to snuff. It's a bogus solution."
United States

Submission + - Top 10 IT priorities for Obama (pcauthority.com.au)

Slatterz writes: Tuesday's swearing-in will be a landmark not only for its cultural and social implications, but also for its impact on technology. Obama has promised to be more in touch with the cutting edge of the internet and tech world than any previous President. He's already said that the nation will get its first chief technology officer and has started making appointments that put people with technological knowledge in the driving seat rather than politically reliable hacks. As the nation gets ready for the end of the Bush era and the beginning of the Obama one we thought it right to suggest a few IT priorities that the new president might like to address. From webcasting to the DMCA to net neutrality — a list of top ten IT priorities for the new president.

Submission + - What should I ask Slashdot?

TodMinuit writes: "Dearest Slashdot: Recently, I've wanted to ask Slashdot something. Unable to come up with a question myself, I thought who better to ask what I should ask Slashdot than Slashdot itself? Surely the very people answering the question are quite capable of coming up with one. So, Slashdot, what should I ask Slashdot?"

Submission + - Firefox No Longer Alternative Enough

Kelson writes: "The Alternative Browser Alliance, which promotes the use of alternative browsers over Internet Explorer, has stopped promoting Firefox after nearly two years. According to the announcement, Firefox has sold out, gone mainstream, and "is no longer an alternative web browser."

Reportedly the site will throw its weight behind iCab, as it is guaranteed to remain alternative since it will never run on Windows Vista.""

Submission + - Slashdot Announces Early End To April Fools

forkazoo writes: "A number of you have posted expressing concern about Slashdot's enthusiasm for April Fools jokes. Since Slashdot has always striven to be perceived as a legitimate news source, we have had an internal discussion, and decided to immediately end all our articles which are not fully verified for today. This site was never about just personal amusement. The point has always been to provide absolutely articulate, well edited articles to inform the IT community about new events which could effect their jobs. Because the April Fools jokes make this site look like some sort of personal blog for CmdrTaco, I am happy to announce that we declare that we will never violate the trust that you have in us ever again. For the rest of the day, you will be able to enjoy the carfully edited, duplicate-pruned, always relevant articles which you have come to know and explectr."

Submission + - OSX on AppleTV

An anonymous reader writes: As AppleTVhacks.net reports, hacker semthex, who already made AppleTV OS run on mac, now did it again and made AppleTV run OSX. The special kernel is powered with a processor emulation and allows to run full blown GUI and even iTunes. Does this turn the little TV settop box into a third world mac-mini now?

Submission + - Picasa Web launched!

partenon writes: "I was reading my emails today when I noted a new link in the top links: "photos". When I clicked, Picasa Web appeared! It seems that Google have decided to launch a Flickr-like service. The URL is: http://picasaweb.google.com/ . You'll have 1GB of free storage. If you need more, you can buy a year of storage, ranging from 7GB (USD 25.00) to 251GB (USD 500.00). Woot !"
The Internet

Journal Journal: 10 Reasons Why Your Website Will Never Make A Dime

http://www.ebizmba.com/articles/making+money+online.html If you've picked up any business magazines within the last year, you've undoubtedly heard the rumors that everyone is getting rich online. Yet, somehow even after you worked so hard to scrape together a website and found some fabulous widget to sell your online venture has yielded little to no money, Why? eBizMBA surveyed over 250 webmasters with sites ranked in the Al

Submission + - Is this bad advice from an IT manager?

e-scetic writes: We've secured funding for building a new website to replace our current one. My direct managers, however, not being technically inclined, are seeking input from our Manager of IT. In response, he has set down a number of dictates that he wants us to follow. Here's the part that frightens me most:

  • 4. You should avoid security issues for now and concentrate on multiple user access for maintenance and updates login issues.
  • 5. You must not worry about performance. You need to concentrate on making a workable website first. You must keep it simple.

Some details: I wanted to create a development and production environment, with a development server using version control and pushing stable changes to the live production server. I wanted to isolate the databases to a separate database server, with each web server remote logging to the database server (using syslog-ng). As we'll be generating email newsletters to the tune of 60k emails per issue, I wanted a separate machine for that too (PostFix, most likely). And most importantly, I wanted to spend time early in the project hardening everything — mod_security, mod_evasive, firewalls, intrusion detection, chroot jails, OS lockdown, SSH, etc., the works, before we began development

But the IT Manager is saying to do this:

  • 10. You must design everything on one server for simplicity and design it in such a way to split the application when you need to do so (when it goes on line). I mean your database, your website, and your email server can all be developed on the same simple prototype server hardware.
  • 12. Leave purchasing the actual hardware are for close to the end of the project when it needs to go on line.

I don't believe this is good advice, given we have one year to complete the project I think my route is safest. Can the Slashdot community advise my non-technical managers as to which of us, me or the IT manager, is on the right track? Or Maybe give advice on how to deal with this IT Manager?

Submission + - Google changing history?

jrsumm writes: The investigative subcommittee of the House Science and Technology committee is investigating whether Google is "airbrushing" history on Google Maps by replacing recent New Orleans satellite imagery with older, pre-Katrina imagery. Specifically, the committee wants to know if Google was persuaded into changing its imagery by local governments eager to make the recovery effort look like its going smoother than it really is. Google says it is just using higher resolution imagery now. CNN has the story here.
United States

Submission + - Dell Sneaking Keyloggers into their Laptops?

James Allanson writes: "Immagine that the government was listening in to your phone calls — you've heard about them bugging terrorists, but surely they wouldn't bother with you right? Wrong. This article (although old) shows that dell have been shipping laptops with keyloggers built in. Dell claim that "The intregrated service tag identifier is there for assisting customers in the event of lost or misplaced personal information." However the Department of Homeland Security says that information about the circuit is "... exempt from being disclosed under the FOIA [Freedom of Information Act]." Very fishy."

Submission + - T.J. Maxx owner: 46M card numbers stolen

Anonymous Coward writes: "NEW YORK (CNNMoney.com) — The retailer that owns the T.J. Maxx and Marshall's clothing chains said nearly 46 million customer card numbers were stolen from its computers over an 18-month period and said the total number of stolen cards may never be known. TJX (Charts), which also operates other store chains in North America and the U.K., also said 455,000 customers who returned merchandise without receipts had their personal data stolen, including driver's license numbers. The retailer made the disclosures in an SEC filing late Wednesday. TJX is being sued by affected cardholders in the U.S., Canada and Puerto Rico. Spokeswoman Sherry Lang told CNN that 45.7 million card numbers had been stolen but noted that 75 percent of those cards were either expired or had their data masked. http://money.cnn.com/2007/03/29/news/companies/tjx /?postversion=2007032909"

Submission + - Telco glitch lets others listen in to phone calls

coondoggie writes: "Talk about an invasion of privacy. Australia's second largest telecom vendor Optus is currently struggling to correct a fault in its network that lets customers to eavesdrop on others' phone calls.Initial reports said the glitch was limited to Optus' pre-paid mobile service, but smh.com.au readers have described the problem occurring in Optus' landline network as well. Reports describing the glitch first appeared on the popular online broadband community, Whirlpool in its Optusnet community. http://www.networkworld.com/community/?q=node/1307 4"

Slashdot Top Deals

Have you reconsidered a computer career?