Security

Kaminsky DNS Bug Claimed Fixed By 1-Character Patch 120

An anonymous reader writes "According to a thread on the bind-users mailing list, there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere. As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to successfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle. Source port randomization is nice, but removing the root cause of the attack's effectiveness is better."
Update: 08/29 20:11 GMT by KD : Dan Kaminsky sent this note: "What Gabriel suggests is interesting and was considered, but a) doesn't work and b) creates fatal reliability issues. I've responded in a post here."
Math

Modern LaTeX Replacement? 918

javierzinho writes "For many years I have been using LaTeX to compose scientific documents, but truly I am getting tired of its complexity. You have to install new packages for new features, compatibility issues are everywhere, you need to know commands for everything, table composition is torture, image insertion is an odyssey if you don't have the 'right' format, and you need to be a LaTeX Jedi master to create a new document class. I'm looking for a document processor (not a word processor) that is a viable replacement for LaTeX, possessing all of its advantages — consistency between text and math text, automated cross references, direct PDF creation, etc. — but that is not stuck in the 1980s with the compiler metaphor and weird font technology. An application with visual interface and so on. I've tried Scientific Word and Lyx but both are front-ends for LaTeX. Publicon only produces PDF files by exporting to LaTeX and subsequently using pdflatex. Add-ons for MS-Word are a joke, and webEq is intended for web publishing, not for PDF production. Does anybody know of a decent, scientific-structured document processor that is a modern application?"
XBox (Games)

360 Limiting GTA IV In Some Ways 268

Last week CVG had a story from the Official PlayStation Magazine, a print entity partnered with the website, about limitations Rockstar faces on the 360. For almost the first time, we're now hearing about a title where lack of space on the disc and the lack of a guaranteed hard drive may be detrimental to Microsoft's console. "[Rockstar's creative vice president Dan Houser] continued, 'To be honest with you we haven't solved all those riddles yet.' The difficulties aren't limited to working on Microsoft's box, as Houser explains that 'both have enormous challenges' and that 'both have their own particular pleasures and pains'. Rockstar hasn't said anything about a target SKU between the two consoles, but they're currently demoing the game to press running on an Xbox 360 - so we wouldn't worry too much if you've only got Microsoft's console. Look for more on GTA IV in the next few weeks."

Is A Bad Attitude Damaging The IT Profession? 892

dtienes writes "Why does IT get a free pass to insult users? Slamming customers isn't acceptable in any other profession; doctors don't call their patients "meatbags" — at least, not publicly. But IT professionals think nothing of wearing their scorn on their sleeves (or at least their chests — just check out ThinkGeek). There's more at stake here than just a few hard feelings. IT may be seriously damaging the credibility of the profession. See the essay I'm An Idiot (And Other Lessons From The IT Department) for a former IT professional turned user's take on insults, attitudes and ethics. (Full disclosure: The submitter is also the author.)"

IE7 Compatibility a Developer Nightmare 416

yavori writes "Internet Explorer 7 has kicked in at last on all MS Windows OS running PCs because of the fact M$ decided to force its users to migrate through update. In fact this has started an IE7 Web Developers Nightmare. The article actually explains that most of the small company B2C sites may just fall from grace because of IE7 incompatibility. One of the coolest things IE7 is unable to do is actually processing form data when clicked on an INPUT field of TYPE IMG... which is pretty uncool for those using entire payment processes with such INPUT fields."

Untraceable Messaging Service Raises a Few Eyebrows 236

netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."

SCO Lawyers Ambush IBM Witness 199

Mr. E. writes "In a sneaky legal maneuver, SCO's lawyers managed to ambush an IBM witness into having to give a no-holds-barred deposition in front of an unrelated court in another state. After SCO was limited in what they could depose Mr. Otis Wilson about by the Utah court, the company blindsided IBM with last-second subpoenas before a North Carolina court. IBM's lawyer was on vacation at the time, didn't give prior notice to big blue, and now they've won the right to ask him anything they want. They've asked him about whether he has a criminal record, about ex-wives, etc. and they have four hours in which to do so. According to PJ of Groklaw, 'I'd say [Magistrate Judge Brooke Wells] has thrown poor Mr. Wilson to the wolves in North Carolina and told him it's his own fault.' SCO, of course, is fishing for something — anything — they can use to stave off IBM's Motion for Summary Judgement which is fast approaching, and if they can somehow trip up Mr. Wilson, they might be able to do just that. However, there was at least one line of cold comfort in Magistrate Wells' order '[T]he court wishes to note that its decision should not be viewed as any type of invitation to reopen the discovery process.'"

Flock, the Web 2.0 Browser? 263

escay writes "Cardinal, the Beta 1 version of Firefox-based browser Flock, was released Tuesday with many polished features. Some of the features include drag-and-drop photo uploading for Flickr and Photobucket, an in-built RSS aggregator, direct blogging tool, and shared favorites/bookmarks. In step with Web 2.0 philosophy, Flock provides a rich user-centric experience, making it easier to bring information to the user and vice versa. It is available for Linux/Mac/Windows, and you can download it here. (And for those of you trying to get Flash working in Firefox on an AMD64 Linux machine, try this and be pleasantly surprised!)"

BitTorrent's Bram Cohen against Network Neutrality 269

wigwamus writes "BitTorrent inventor Bram Cohen warns on potential 'absurdity' of Network Neutrality laws and concedes that his hook-up with Cachelogic is creating a system that might contravene Network Neutrality. He suggests there'd be no difference between big media footing the bill for their own upload costs of their offerings and subsidizing the consumer's download costs of the same."

Windows Vista To Make Dual-Boot A Challenge? 442

mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
