Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Heartbleed: Serious OpenSSL zero day vulnerability revealed (heartbleed.com) 1

An anonymous reader writes: ZDNet reports: New security holes are always showing up. The latest one, the so-called Heartbleed Bug in the OpenSSL cryptographic library, is an especially bad one. The flaw can potentially be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.

Experts Say To Switch Browsers In Light of IE Vulnerability 455

It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.
The Courts

Submission + - Judge Strikes Down 2 Patriot Act Provisions (nytimes.com)

An anonymous reader writes: An Oregon judge ruled yesterday that two provisions of the Patriot Act were illegal, upholding the right of people to be secure in their homes. The decision is currently being reviewed by the Justice Department, who could not be reached for comment.
Operating Systems

Submission + - VMWare Player + EasyVMX! = Virtual Machine Bliss (easyvmx.com)

Simon writes: Although virtual machine software cater for many uses, I am particularily excited about the possibility of running one or more OSes in a virtualised environment. From a developer's perspective, it makes testing and development of (sometimes cross-platform) software a hell of a lot easier, whilst for the common enthusiast it's an excellent tool for evaluating different OSes (i.e. Linux distros).

Most who have played around with Virtual Machines would probably have heard of the excellent (and free) VMWare Player, which "makes it easy to operate any virtual machine created by VMware Workstation, VMware Server or VMware ESX Server, as well as Microsoft virtual machines and Symantec LiveState Recovery disks".

That's all well and good, but to create a virtual machine for, say an .iso of a Linux distro, can be quite time consuming an complex for newbies and professionals alike. That's why I thought I'd share with you a little gem I discovered called EasyVMX! . As stated by the developer, " EasyVMX! is the simple and failsafe way to create complete virtual machines for VMware Player on the web". And it's true. I can't believe how brilliant, yet simple, this online tool is in assisting with creating virtual machines. I have noticed that EasyVMX! has attracted a lot of attention as of late, with brilliant reviews from both the Linux community and virtualisation entusiasts in general, but what about the non-technical users out there? I believe that a mainstream group of VM users would significantly raise a higher level of awareness about the alternative OSes available and hopefully push development even further. EasyVMX! comes in three different flavours, and all you need to do is follow step by step instructions on memory size/disk size/processor details/host system and so forth and then let EasyVMX! create the virtual machine for you in no time. The end result is a zip file ready for download containing all the config files, ready to be booted with VMWare Player.

The developer has made available plenty of other resources as well, including a tutorial for beginners.

If you have yet to jump on the virtual machine wagon, I strongly suggest you get into it. It's simple, fun and for everyone to enjoy no matter for what purpose. I realise that this might seem like a shameless plug for VMWare Player and EasyVMX!, but this is a combo I have found very useful and simple for me. The broader message is that virtualisation is great, regardless of what tools you might choose to do the job.


Submission + - Two Patriot Act Provisions Ruled Unconstitutional

buswolley writes: Judge Ann Aiken in Federal court ruled two key provisions of the Patriot Act unconstitutional. According to the ruling, the Patriot Act provisions unconstitutionally circumvented the 4th Amendment, and removed the checks and balances provided for by our Constitution. This is a great victory for the people of the United States, and demonstrates the inherent strength of our system of government.

Submission + - Verizon bans pro choice texting

fermion writes: The NYT is reporting that Verizon has banned text ads based on controversial content. While many would agree that, as a private carrier, Verizon have every right to so do, there are other concerns. For instance, from the article, "The dispute over the Naral messages is a skirmish in the larger battle over the question of "net neutrality" — whether carriers or Internet service providers should have a voice in the content they provide to customers." What makes this more interesting is these are not push messages, but messages requested for one time delivery by the customer. If Verizon is going to play Big Brother and censor customers content, perhaps that is one more reason to move to AT&T, even if it does not provide equal service.
Linux Business

Submission + - Novell Linux business spikes since Microsoft deal (idg.com.au)

StonyandCher writes: "Novell's Linux business has soared 243 percent since last November when the company signed its controversial deal with Microsoft. "The affect on sales year over year, for Novell's first three quarters of our fiscal year, which ends Oct. 31 — our Linux business was up 243 percent year over year," said Justin Steinman, director of marketing at Novell, who, along with executives from both companies, spoke at a program hosted by the Massachusetts Technology Leadership Council."

Slashdot Top Deals

Logic doesn't apply to the real world. -- Marvin Minsky