
Submission + - SCO Puts Unix Assets On the Block

itwbennett writes: SCO Group announced Thursday that it plans to auction off most of its Unix assets, including 'certain UNIX system V software products and related services,' ITworld reports. 'This asset sale is an important step forward in ensuring business continuity for our customers around the world,' said Ken Nielsen, SCO chief financial officer, in a statement. 'Our goal is to ensure continued viability for SCO, its customers, employees and the Unix technology.' Interested parties must submit a bid for the assets by Oct. 5.

Submission + - Public Clearinghouse Proposed for Evoting Failures

Hugh Pickens writes: "Alice Lipowicz writes in Federal Computer Week that Lawrence Norden, senior counsel to the Brennan Center for Justice at New York University School of Law, has reviewed hundreds of reports of problems with electronic voting systems during the last eight years and is recommending a new regulatory system with a national database, accessible by election officials and others, that identifies voting system malfunctions reported by vendors or election officials, and that new legislation require vendors to report evoting failures to the clearinghouse. "We need a new and better regulatory structure to ensure that voting system defects are caught early, officials in affected jurisdictions are notified immediately, and action is taken to make certain that they will be corrected for all such systems, wherever they are used in the United States," writes Norden, adding that election officials rely on vendors to keep them aware of potential problems with voting machines, which is often done voluntarily, and that voting system failures in one jurisdiction tend to be repeated in other areas, resulting in reduced public confidence and lost votes."

Submission + - Libraries Will Survive

An anonymous reader writes: I work for a public library and we have put together a video with our staff highlighting our hectic existence as public librarians and the crazy stresses induced by budget cuts:

The video is set to the disco hit "I Will Survive" and features staff at all 8 of our branches. It starts with a satirical introduction to library life and then performs a fabulous(!) disco sparkle transition to the music video.

The music video is also available by itself:

I think librarians, geeks, and fans of literacy (and disco!) would enjoy this video and I hope you'll consider posting it.
Sean Bonney
Graphic Designer
Central Rappahannock Regional Library


Submission + - Adobe releases new 64-bit Flash plugin for Linux

TheDarkener writes: Adobe seems to have made an about-face regarding their support for native 64-bit Linux support for Flash today, and released a new preview Flash plugin named "Square". This includes a native 64-bit version for Linux, which I have verified works on my Debian Lenny LTSP server by simply copying to /usr/lib/iceweasel/plugins — with sound (which I was never able to figure out with running the 32-bit version with nspluginwrapper and pulseaudio).

Submission + - Ubuntu 10.10 Maverick Boots in 8.6 Seconds Flat!

dkd903 writes: Ubuntu 10.10 has only entered the Beta. However, it looks like it is doing extremely well in cutting down the boot time.

There is even a video showing Ubuntu 10.10 in a mere 8.6 seconds. That is the total time it takes from GRUB to get to a usable desktop. However, the computer on which this happened uses an SSD.

Comment Re:But will it work after the virus evolves? (Score 1, Offtopic) 71

Maybe this was a troll, but I'll respond anyway. Members of the Church of Jesus Christ of Latter Day Saints (aka Mormons) do believe that God created the Earth. Which is "creationism". However most LDS folks also believe in evolution (e.g. as part of God's creation) and BYU was one of the very first schools to teach evolution. Last year BYU had a big, well-publicized week-long celebration of Darwin's birthday that included many lectures on the importance of the discovery of evolution.

Comment Re:I do it (Score 2, Insightful) 1324

what do you do for your children's social development?

All sorts of things.

Weekly co-operative learning with groups of other homeschooling families. Sports teams. Singing groups. Piano lessons and recitals. Scouting. Church meetings and activities. Playing with friends. ... it's not like they're trapped in the house!

Comment Re:Good (Score 2, Insightful) 1324

Maybe there are a lot of "ultra fanatic religious" nuts who homeschool their children.

But there are also a LOT of homeschoolers that are doing it simply to help their children get real educations.

We associate with many other homeschooling families in our area and they range across a good spectrum of religious beliefs: protestant, catholic, mormon, buddhist, agnostic and atheist. Once a week the families get together for some social time and larger group learning. The adults and kids get along great, and have a great time doing fun, active learning. If anything it is the atheists that are the most fervent in bringing up religion during the co-op learning activities.

Comment Re:Home schooling vs. school duty (Score 4, Insightful) 1324

There are a lot of us who home-school for non-religious reasons... Please quit perpetuating a bad stereotype. Some of us simply care about the pace our children are learning things, and about the quality and content of the education. We (my wife and I) are not doing anything "special" or worthy of bragging about in terms of spectacular teaching - yet our kids test well beyond other kids their age in math and reading, and they can tell you all sorts of things about classic literature, history, logic/reasoning, and geography, that very few other kids under 10 years old have even heard of. Reducing the student/teacher ratio, and cutting out the crap makes a big, big difference.

Submission + - Book review of PCI Compliance

Ben Rothke writes:

It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products at an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people that should know better.

PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be required to be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.

The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:

Build and maintain a secure network

1. Install and maintain firewall configurations

2. Do not use vendor-supplied or default passwords

Protect cardholder data

3. Protect stored data

4. Encrypt transmissions of cardholder data across public networks

Maintain a vulnerability management program

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to need-to-know

8. Assign unique IDs to each person with computer access

9. Restrict physical access to cardholder data

Regularly monitor and test networks

10. Monitor and track all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an information security policy

12. Maintain a policy that addresses information security

A quick review of these 12 items shows that PCI is a textbook example of the fundamentals of information security. With that, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is an excellent resource that provides the reader with all of the fundamental information needed to understand and implement PCI DSS.

The book's 13 chapters provide the reader with a comprehensive overview of all of the details and requirements of PCI. The first three chapters provide an overview of the basics about PCI and the basic requirements of the standard. The following six chapters go into detail about each of the primary control areas.

In particular, chapter 6 provides a good overview of the PCI logging requirements. This requirement can be time-consuming to put into place. The author notes a commonly overlooked but essential requirement, namely that of accurate and synchronized time on network devices. Enterprise information network and security infrastructure devices are highly dependent on synchronized time and PCI recognizes that correct time is critical for transactions across a network.

In a further discussion about synchronized time in chapter 9, the author unfortunately makes an error when he states that local hardware is considered a stratum 1 time source since it gets its time from its own CMOS. From an NTP perspective, only a device that is directly linked to a stratum-0 device is called a stratum-1. CMOS clocks are notoriously inaccurate and can't be relied upon.

The title of chapter 12 is both amusing and accurate: 'Planning to fail your first Audit'. The irony is that so many organizations lack a CISO or formal business security program in place designed to protect corporate information assets. They don't focus on information security as a process, rather as a set of products or regulatory items to be checked-off. Yet, these same organizations are surprised when they fail an audit.

The book concludes in chapter 13 with the well-known observation that security is a process, not an event. The book astutely notes that it is impossible to be PCI compliant without approaching security as a process. Trying to achieve compliance without integrating the various aspects in an integrated fashion is bound to fail.

Overall, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a great book for one of the most sensible security standards ever. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find the book to be quite valuable.

Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know

Submission + - Jumpstarters For the Road To Compliance?

frustratedbyitall writes: The recent discussion about implementing Unalterable Audit Logs for PCI DSS compliance has sparked my interest in getting community advice on the larger topic of PCI DSS (and HIPAA, SOX etc.) compliance. What tools have you found useful? Are there any good free (or cheap) template policy documents? What have been the biggest challenges to your organization (outside of organizational issues) in achieving the holy grail of compliance and how did you conquer them? I've done a lot of research and it's really easy to find lots of firms wanting to help you out with consulting hours and/or products. Given that these are issues currently being faced by thousands of organizations, of course it was inevitable that a whole ecosystem would evolve around compliance of these relatively new policy standards. However, most of what I find seems to be junk, and it is therefore hard to distinguish the junk from the useful. For example, with respect to template policy documents I located several companies charging hundreds or thousands for templates that are of questionable quality. I have also found free templates at a few web sites, but they are more skeleton than template (contain outlines but no actual text). I'm also interested in finding good "how-to" guides for implementing a number of the system and network requirements — in order to curtail some amount of internal debate on such topics. For a company that has personnel on hand that are capable of achieving compliance, but would prefer to find some "jump starters", what can you suggest?

Submission + - Open Source ERP - which one?

davidsalgado writes: "Hi! Thanks for reading this. The company I work for is a Latin American Consulting/Software Solution Provider and we have experience with Open Source Software in the server area and have implemented several LAMP apps, from CRM (Tutos) and a Ticketing System (OneOrZero) to small Accounting (KMyMoney). This year, we want (need) to integrate operations, CRM, Support for our customers and accounting. We're considering an Open Source ERP and we have seen and tried to evaluate many choices. At this point we have evaluated: — TinyERP — — WebERP — — Compiere — — Adempiere — — OpenBravo — Seen, but no eval — OpenTaps — — Have any of you had experience with any of these ERPs? Would you recommend/discard any? We're willing to pay for support/documentation/licensing if needed, but we would like to stick to Open Source and better FLOSS/GPL software. Thanks for your time, your feedback is welcome."
